aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBurn Alting <burn@swtf.dyndns.org>2014-04-04 01:00:38 -0400
committerEric Paris <eparis@redhat.com>2014-09-23 16:37:53 -0400
commite7df61f4d1ddb7fdd654dde6cd40f7cc398c3932 (patch)
treeadd425cf72c2343e32a10e8a0c0e2ce22affe668
parent01478d7d60f654419ba863856cad0446bcb73a59 (diff)
audit: invalid op= values for rules
Various audit events dealing with adding, removing and updating rules result in invalid values set for the op keys which result in embedded spaces in op= values. The invalid values are op="add rule" set in kernel/auditfilter.c op="remove rule" set in kernel/auditfilter.c op="remove rule" set in kernel/audit_tree.c op="updated rules" set in kernel/audit_watch.c op="remove rule" set in kernel/audit_watch.c Replace the space in the above values with an underscore character ('_'). Coded-by: Burn Alting <burn@swtf.dyndns.org> Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
-rw-r--r--kernel/audit_tree.c2
-rw-r--r--kernel/audit_watch.c4
-rw-r--r--kernel/auditfilter.c4
3 files changed, 5 insertions, 5 deletions
diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c
index 135944a7b28a..bd418c486e9a 100644
--- a/kernel/audit_tree.c
+++ b/kernel/audit_tree.c
@@ -457,7 +457,7 @@ static void audit_log_remove_rule(struct audit_krule *rule)
457 if (unlikely(!ab)) 457 if (unlikely(!ab))
458 return; 458 return;
459 audit_log_format(ab, "op="); 459 audit_log_format(ab, "op=");
460 audit_log_string(ab, "remove rule"); 460 audit_log_string(ab, "remove_rule");
461 audit_log_format(ab, " dir="); 461 audit_log_format(ab, " dir=");
462 audit_log_untrustedstring(ab, rule->tree->pathname); 462 audit_log_untrustedstring(ab, rule->tree->pathname);
463 audit_log_key(ab, rule->filterkey); 463 audit_log_key(ab, rule->filterkey);
diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c
index 70b4554d2fbe..ad9c1682f616 100644
--- a/kernel/audit_watch.c
+++ b/kernel/audit_watch.c
@@ -314,7 +314,7 @@ static void audit_update_watch(struct audit_parent *parent,
314 &nentry->rule.list); 314 &nentry->rule.list);
315 } 315 }
316 316
317 audit_watch_log_rule_change(r, owatch, "updated rules"); 317 audit_watch_log_rule_change(r, owatch, "updated_rules");
318 318
319 call_rcu(&oentry->rcu, audit_free_rule_rcu); 319 call_rcu(&oentry->rcu, audit_free_rule_rcu);
320 } 320 }
@@ -342,7 +342,7 @@ static void audit_remove_parent_watches(struct audit_parent *parent)
342 list_for_each_entry_safe(w, nextw, &parent->watches, wlist) { 342 list_for_each_entry_safe(w, nextw, &parent->watches, wlist) {
343 list_for_each_entry_safe(r, nextr, &w->rules, rlist) { 343 list_for_each_entry_safe(r, nextr, &w->rules, rlist) {
344 e = container_of(r, struct audit_entry, rule); 344 e = container_of(r, struct audit_entry, rule);
345 audit_watch_log_rule_change(r, w, "remove rule"); 345 audit_watch_log_rule_change(r, w, "remove_rule");
346 list_del(&r->rlist); 346 list_del(&r->rlist);
347 list_del(&r->list); 347 list_del(&r->list);
348 list_del_rcu(&e->list); 348 list_del_rcu(&e->list);
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 8e9bc9c3dbb7..b65a138250b8 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -1060,7 +1060,7 @@ int audit_rule_change(int type, __u32 portid, int seq, void *data,
1060 return PTR_ERR(entry); 1060 return PTR_ERR(entry);
1061 1061
1062 err = audit_add_rule(entry); 1062 err = audit_add_rule(entry);
1063 audit_log_rule_change("add rule", &entry->rule, !err); 1063 audit_log_rule_change("add_rule", &entry->rule, !err);
1064 if (err) 1064 if (err)
1065 audit_free_rule(entry); 1065 audit_free_rule(entry);
1066 break; 1066 break;
@@ -1070,7 +1070,7 @@ int audit_rule_change(int type, __u32 portid, int seq, void *data,
1070 return PTR_ERR(entry); 1070 return PTR_ERR(entry);
1071 1071
1072 err = audit_del_rule(entry); 1072 err = audit_del_rule(entry);
1073 audit_log_rule_change("remove rule", &entry->rule, !err); 1073 audit_log_rule_change("remove_rule", &entry->rule, !err);
1074 audit_free_rule(entry); 1074 audit_free_rule(entry);
1075 break; 1075 break;
1076 default: 1076 default: