aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSteve Grubb <sgrubb redhat com>2006-12-14 11:48:47 -0500
committerAl Viro <viro@zeniv.linux.org.uk>2007-02-17 21:30:09 -0500
commita17b4ad778e1857944f5a1df95fb7758cd5cc58d (patch)
tree1ea5b505444ccd3e3f333d254bf737c77c7077eb
parent8a03d9a498eaf02c8a118752050a5154852c13bf (diff)
[PATCH] minor update to rule add/delete messages (ver 2)
I was looking at parsing some of these messages and found that I wanted what it was doing next to an op= for the parser to key on. Also missing was the list number and results. Signed-off-by: Steve Grubb <sgrubb@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-rw-r--r--kernel/auditfilter.c9
1 files changed, 5 insertions, 4 deletions
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 87865f8b4ce3..3749193aed8c 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -937,9 +937,10 @@ static void audit_update_watch(struct audit_parent *parent,
937 } 937 }
938 938
939 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE); 939 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
940 audit_log_format(ab, "audit updated rules specifying path="); 940 audit_log_format(ab, "op=updated rules specifying path=");
941 audit_log_untrustedstring(ab, owatch->path); 941 audit_log_untrustedstring(ab, owatch->path);
942 audit_log_format(ab, " with dev=%u ino=%lu\n", dev, ino); 942 audit_log_format(ab, " with dev=%u ino=%lu\n", dev, ino);
943 audit_log_format(ab, " list=%d res=1", r->listnr);
943 audit_log_end(ab); 944 audit_log_end(ab);
944 945
945 audit_remove_watch(owatch); 946 audit_remove_watch(owatch);
@@ -969,14 +970,14 @@ static void audit_remove_parent_watches(struct audit_parent *parent)
969 e = container_of(r, struct audit_entry, rule); 970 e = container_of(r, struct audit_entry, rule);
970 971
971 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE); 972 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
972 audit_log_format(ab, "audit implicitly removed rule path="); 973 audit_log_format(ab, "op=remove rule path=");
973 audit_log_untrustedstring(ab, w->path); 974 audit_log_untrustedstring(ab, w->path);
974 if (r->filterkey) { 975 if (r->filterkey) {
975 audit_log_format(ab, " key="); 976 audit_log_format(ab, " key=");
976 audit_log_untrustedstring(ab, r->filterkey); 977 audit_log_untrustedstring(ab, r->filterkey);
977 } else 978 } else
978 audit_log_format(ab, " key=(null)"); 979 audit_log_format(ab, " key=(null)");
979 audit_log_format(ab, " list=%d", r->listnr); 980 audit_log_format(ab, " list=%d res=1", r->listnr);
980 audit_log_end(ab); 981 audit_log_end(ab);
981 982
982 list_del(&r->rlist); 983 list_del(&r->rlist);
@@ -1410,7 +1411,7 @@ static void audit_log_rule_change(uid_t loginuid, u32 sid, char *action,
1410 audit_log_format(ab, " subj=%s", ctx); 1411 audit_log_format(ab, " subj=%s", ctx);
1411 kfree(ctx); 1412 kfree(ctx);
1412 } 1413 }
1413 audit_log_format(ab, " %s rule key=", action); 1414 audit_log_format(ab, " op=%s rule key=", action);
1414 if (rule->filterkey) 1415 if (rule->filterkey)
1415 audit_log_untrustedstring(ab, rule->filterkey); 1416 audit_log_untrustedstring(ab, rule->filterkey);
1416 else 1417 else