diff options
author | Steve Grubb <sgrubb redhat com> | 2006-12-14 11:48:47 -0500 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2007-02-17 21:30:09 -0500 |
commit | a17b4ad778e1857944f5a1df95fb7758cd5cc58d (patch) | |
tree | 1ea5b505444ccd3e3f333d254bf737c77c7077eb | |
parent | 8a03d9a498eaf02c8a118752050a5154852c13bf (diff) |
[PATCH] minor update to rule add/delete messages (ver 2)
I was looking at parsing some of these messages and found that I wanted what
it was doing next to an op= for the parser to key on. Also missing was the list
number and results.
Signed-off-by: Steve Grubb <sgrubb@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-rw-r--r-- | kernel/auditfilter.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 87865f8b4ce3..3749193aed8c 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c | |||
@@ -937,9 +937,10 @@ static void audit_update_watch(struct audit_parent *parent, | |||
937 | } | 937 | } |
938 | 938 | ||
939 | ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE); | 939 | ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE); |
940 | audit_log_format(ab, "audit updated rules specifying path="); | 940 | audit_log_format(ab, "op=updated rules specifying path="); |
941 | audit_log_untrustedstring(ab, owatch->path); | 941 | audit_log_untrustedstring(ab, owatch->path); |
942 | audit_log_format(ab, " with dev=%u ino=%lu\n", dev, ino); | 942 | audit_log_format(ab, " with dev=%u ino=%lu\n", dev, ino); |
943 | audit_log_format(ab, " list=%d res=1", r->listnr); | ||
943 | audit_log_end(ab); | 944 | audit_log_end(ab); |
944 | 945 | ||
945 | audit_remove_watch(owatch); | 946 | audit_remove_watch(owatch); |
@@ -969,14 +970,14 @@ static void audit_remove_parent_watches(struct audit_parent *parent) | |||
969 | e = container_of(r, struct audit_entry, rule); | 970 | e = container_of(r, struct audit_entry, rule); |
970 | 971 | ||
971 | ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE); | 972 | ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE); |
972 | audit_log_format(ab, "audit implicitly removed rule path="); | 973 | audit_log_format(ab, "op=remove rule path="); |
973 | audit_log_untrustedstring(ab, w->path); | 974 | audit_log_untrustedstring(ab, w->path); |
974 | if (r->filterkey) { | 975 | if (r->filterkey) { |
975 | audit_log_format(ab, " key="); | 976 | audit_log_format(ab, " key="); |
976 | audit_log_untrustedstring(ab, r->filterkey); | 977 | audit_log_untrustedstring(ab, r->filterkey); |
977 | } else | 978 | } else |
978 | audit_log_format(ab, " key=(null)"); | 979 | audit_log_format(ab, " key=(null)"); |
979 | audit_log_format(ab, " list=%d", r->listnr); | 980 | audit_log_format(ab, " list=%d res=1", r->listnr); |
980 | audit_log_end(ab); | 981 | audit_log_end(ab); |
981 | 982 | ||
982 | list_del(&r->rlist); | 983 | list_del(&r->rlist); |
@@ -1410,7 +1411,7 @@ static void audit_log_rule_change(uid_t loginuid, u32 sid, char *action, | |||
1410 | audit_log_format(ab, " subj=%s", ctx); | 1411 | audit_log_format(ab, " subj=%s", ctx); |
1411 | kfree(ctx); | 1412 | kfree(ctx); |
1412 | } | 1413 | } |
1413 | audit_log_format(ab, " %s rule key=", action); | 1414 | audit_log_format(ab, " op=%s rule key=", action); |
1414 | if (rule->filterkey) | 1415 | if (rule->filterkey) |
1415 | audit_log_untrustedstring(ab, rule->filterkey); | 1416 | audit_log_untrustedstring(ab, rule->filterkey); |
1416 | else | 1417 | else |