aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorPaul Moore <paul.moore@hp.com>2009-09-23 13:46:00 -0400
committerAl Viro <viro@zeniv.linux.org.uk>2009-09-24 03:50:26 -0400
commitd81165919ebf6e1cb9eeb612150f9287ad414659 (patch)
tree25b205e22ec1182e6a92f77381b58a5b09972f7f /security
parent939cbf260c1abce6cad4b95ea4ba9f5132b660b3 (diff)
lsm: Use a compressed IPv6 string format in audit events
Currently the audit subsystem prints uncompressed IPv6 addresses which not only differs from common usage but also results in ridiculously large audit strings which is not a good thing. This patch fixes this by simply converting audit to always print compressed IPv6 addresses. Old message example: audit(1253576792.161:30): avc: denied { ingress } for saddr=0000:0000:0000:0000:0000:0000:0000:0001 src=5000 daddr=0000:0000:0000:0000:0000:0000:0000:0001 dest=35502 netif=lo scontext=system_u:object_r:unlabeled_t:s15:c0.c1023 tcontext=system_u:object_r:lo_netif_t:s0-s15:c0.c1023 tclass=netif New message example: audit(1253576792.161:30): avc: denied { ingress } for saddr=::1 src=5000 daddr=::1 dest=35502 netif=lo scontext=system_u:object_r:unlabeled_t:s15:c0.c1023 tcontext=system_u:object_r:lo_netif_t:s0-s15:c0.c1023 tclass=netif Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'security')
-rw-r--r--security/lsm_audit.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/security/lsm_audit.c b/security/lsm_audit.c
index 500aad0ebd6..3bb90b6f1dd 100644
--- a/security/lsm_audit.c
+++ b/security/lsm_audit.c
@@ -187,7 +187,7 @@ static inline void print_ipv6_addr(struct audit_buffer *ab,
187 char *name1, char *name2) 187 char *name1, char *name2)
188{ 188{
189 if (!ipv6_addr_any(addr)) 189 if (!ipv6_addr_any(addr))
190 audit_log_format(ab, " %s=%pI6", name1, addr); 190 audit_log_format(ab, " %s=%pI6c", name1, addr);
191 if (port) 191 if (port)
192 audit_log_format(ab, " %s=%d", name2, ntohs(port)); 192 audit_log_format(ab, " %s=%d", name2, ntohs(port));
193} 193}