author | Amy Griffis <amy.griffis@hp.com> | 2006-06-08 23:19:31 -0400 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2006-06-20 05:25:28 -0400 |
commit | 9c937dcc71021f2dbf78f904f03d962dd9bcc130 (patch) | |
tree | 6ab53c1cf1235515307d521cecc4f76afa34e137 /kernel/auditfilter.c | |
parent | 6a2bceec0ea7fdc47aef9a3f2f771c201eaabe5d (diff) |
[PATCH] log more info for directory entry change events
When an audit event involves changes to a directory entry, include
a PATH record for the directory itself. A few other notable changes:
- fixed audit_inode_child() hooks in fsnotify_move()
- removed unused flags arg from audit_inode()
- added audit log routines for logging a portion of a string
Here's some sample output.
before patch:
type=SYSCALL msg=audit(1149821605.320:26): arch=40000003 syscall=39 success=yes exit=0 a0=bf8d3c7c a1=1ff a2=804e1b8 a3=bf8d3c7c items=1 ppid=739 pid=800 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=ttyS0 comm="mkdir" exe="/bin/mkdir" subj=root:system_r:unconfined_t:s0-s0:c0.c255
type=CWD msg=audit(1149821605.320:26): cwd="/root"
type=PATH msg=audit(1149821605.320:26): item=0 name="foo" parent=164068 inode=164010 dev=03:00 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=root:object_r:user_home_t:s0
after patch:
type=SYSCALL msg=audit(1149822032.332:24): arch=40000003 syscall=39 success=yes exit=0 a0=bfdd9c7c a1=1ff a2=804e1b8 a3=bfdd9c7c items=2 ppid=714 pid=777 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=ttyS0 comm="mkdir" exe="/bin/mkdir" subj=root:system_r:unconfined_t:s0-s0:c0.c255
type=CWD msg=audit(1149822032.332:24): cwd="/root"
type=PATH msg=audit(1149822032.332:24): item=0 name="/root" inode=164068 dev=03:00 mode=040750 ouid=0 ogid=0 rdev=00:00 obj=root:object_r:user_home_dir_t:s0
type=PATH msg=audit(1149822032.332:24): item=1 name="foo" inode=164010 dev=03:00 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=root:object_r:user_home_t:s0
Signed-off-by: Amy Griffis <amy.griffis@hp.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'kernel/auditfilter.c')
-rw-r--r-- | kernel/auditfilter.c | 8 |
1 files changed, 6 insertions, 2 deletions
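--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -787,7 +787,7 @@ static void audit_update_watch(struct audit_parent *parent,
 
 mutex_lock(&audit_filter_mutex);
 list_for_each_entry_safe(owatch, nextw, &parent->watches, wlist) {
-if (audit_compare_dname_path(dname, owatch->path))
+if (audit_compare_dname_path(dname, owatch->path, NULL))
 continue;
 
 /* If the update involves invalidating rules, do the inode-based
@@ -1387,7 +1387,8 @@ int audit_comparator(const u32 left, const u32 op, const u32 right)
 
 /* Compare given dentry name with last component in given path,
 * return of 0 indicates a match. */
-int audit_compare_dname_path(const char *dname, const char *path)
+int audit_compare_dname_path(const char *dname, const char *path,
+int *dirlen)
 {
 int dlen, plen;
 const char *p;
@@ -1416,6 +1417,9 @@ int audit_compare_dname_path(const char *dname, const char *path)
 p++;
 }
 
+/* return length of path's directory component */
+if (dirlen)
+*dirlen = p - path;
 return strncmp(p, dname, dlen);
 }
 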
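Review bot: The header comment of `audit_compare_dname_path()` still documents only the return value, so the new `dirlen` out-parameter has no stated contract. In the last hunk `*dirlen` is assigned immediately before the final `strncmp()`, so it is written even when the names do not match, and it is presumably left untouched by any earlier return in the part of the body that lies outside these hunks. A caller that uses the value as a length when logging a portion of the path would then be working from an unset integer unless it initialises the variable or checks the return first. I would extend the header comment with something like `* If dirlen is non-NULL it receives the length of path's directory component; it is only written once the final comparison is reached.` after confirming that against the full body. The `p - path` difference is also narrowed from `ptrdiff_t` to `int`, which matches the `int dlen, plen` locals but deserves a word in the same comment.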