diff options
author | Burn Alting <burn@swtf.dyndns.org> | 2014-04-04 01:00:38 -0400 |
---|---|---|
committer | Eric Paris <eparis@redhat.com> | 2014-09-23 16:37:53 -0400 |
commit | e7df61f4d1ddb7fdd654dde6cd40f7cc398c3932 (patch) | |
tree | add425cf72c2343e32a10e8a0c0e2ce22affe668 | |
parent | 01478d7d60f654419ba863856cad0446bcb73a59 (diff) |
audit: invalid op= values for rules
Various audit events dealing with adding, removing and updating rules result in
invalid values set for the op keys which result in embedded spaces in op=
values.
The invalid values are
op="add rule" set in kernel/auditfilter.c
op="remove rule" set in kernel/auditfilter.c
op="remove rule" set in kernel/audit_tree.c
op="updated rules" set in kernel/audit_watch.c
op="remove rule" set in kernel/audit_watch.c
Replace the space in the above values with an underscore character ('_').
Coded-by: Burn Alting <burn@swtf.dyndns.org>
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
-rw-r--r-- | kernel/audit_tree.c | 2 | ||||
-rw-r--r-- | kernel/audit_watch.c | 4 | ||||
-rw-r--r-- | kernel/auditfilter.c | 4 |
3 files changed, 5 insertions, 5 deletions
diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c index 135944a7b28a..bd418c486e9a 100644 --- a/kernel/audit_tree.c +++ b/kernel/audit_tree.c | |||
@@ -457,7 +457,7 @@ static void audit_log_remove_rule(struct audit_krule *rule) | |||
457 | if (unlikely(!ab)) | 457 | if (unlikely(!ab)) |
458 | return; | 458 | return; |
459 | audit_log_format(ab, "op="); | 459 | audit_log_format(ab, "op="); |
460 | audit_log_string(ab, "remove rule"); | 460 | audit_log_string(ab, "remove_rule"); |
461 | audit_log_format(ab, " dir="); | 461 | audit_log_format(ab, " dir="); |
462 | audit_log_untrustedstring(ab, rule->tree->pathname); | 462 | audit_log_untrustedstring(ab, rule->tree->pathname); |
463 | audit_log_key(ab, rule->filterkey); | 463 | audit_log_key(ab, rule->filterkey); |
diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c index 70b4554d2fbe..ad9c1682f616 100644 --- a/kernel/audit_watch.c +++ b/kernel/audit_watch.c | |||
@@ -314,7 +314,7 @@ static void audit_update_watch(struct audit_parent *parent, | |||
314 | &nentry->rule.list); | 314 | &nentry->rule.list); |
315 | } | 315 | } |
316 | 316 | ||
317 | audit_watch_log_rule_change(r, owatch, "updated rules"); | 317 | audit_watch_log_rule_change(r, owatch, "updated_rules"); |
318 | 318 | ||
319 | call_rcu(&oentry->rcu, audit_free_rule_rcu); | 319 | call_rcu(&oentry->rcu, audit_free_rule_rcu); |
320 | } | 320 | } |
@@ -342,7 +342,7 @@ static void audit_remove_parent_watches(struct audit_parent *parent) | |||
342 | list_for_each_entry_safe(w, nextw, &parent->watches, wlist) { | 342 | list_for_each_entry_safe(w, nextw, &parent->watches, wlist) { |
343 | list_for_each_entry_safe(r, nextr, &w->rules, rlist) { | 343 | list_for_each_entry_safe(r, nextr, &w->rules, rlist) { |
344 | e = container_of(r, struct audit_entry, rule); | 344 | e = container_of(r, struct audit_entry, rule); |
345 | audit_watch_log_rule_change(r, w, "remove rule"); | 345 | audit_watch_log_rule_change(r, w, "remove_rule"); |
346 | list_del(&r->rlist); | 346 | list_del(&r->rlist); |
347 | list_del(&r->list); | 347 | list_del(&r->list); |
348 | list_del_rcu(&e->list); | 348 | list_del_rcu(&e->list); |
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 8e9bc9c3dbb7..b65a138250b8 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c | |||
@@ -1060,7 +1060,7 @@ int audit_rule_change(int type, __u32 portid, int seq, void *data, | |||
1060 | return PTR_ERR(entry); | 1060 | return PTR_ERR(entry); |
1061 | 1061 | ||
1062 | err = audit_add_rule(entry); | 1062 | err = audit_add_rule(entry); |
1063 | audit_log_rule_change("add rule", &entry->rule, !err); | 1063 | audit_log_rule_change("add_rule", &entry->rule, !err); |
1064 | if (err) | 1064 | if (err) |
1065 | audit_free_rule(entry); | 1065 | audit_free_rule(entry); |
1066 | break; | 1066 | break; |
@@ -1070,7 +1070,7 @@ int audit_rule_change(int type, __u32 portid, int seq, void *data, | |||
1070 | return PTR_ERR(entry); | 1070 | return PTR_ERR(entry); |
1071 | 1071 | ||
1072 | err = audit_del_rule(entry); | 1072 | err = audit_del_rule(entry); |
1073 | audit_log_rule_change("remove rule", &entry->rule, !err); | 1073 | audit_log_rule_change("remove_rule", &entry->rule, !err); |
1074 | audit_free_rule(entry); | 1074 | audit_free_rule(entry); |
1075 | break; | 1075 | break; |
1076 | default: | 1076 | default: |