diff options
| author | Eric Paris <eparis@redhat.com> | 2008-04-18 10:09:25 -0400 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2008-04-28 06:18:03 -0400 |
| commit | 2532386f480eefbdd67b48be55fb4fb3e5a6081c (patch) | |
| tree | dd6a5a3c4116a67380a1336319c16632f04f80f9 /net/netlabel | |
| parent | 436c405c7d19455a71f42c9bec5fd5e028f1eb4e (diff) | |
Audit: collect sessionid in netlink messages
Previously I added sessionid output to all audit messages where it was
available but we still didn't know the sessionid of the sender of
netlink messages. This patch adds that information to netlink messages
so we can audit who sent netlink messages.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'net/netlabel')
| -rw-r--r-- | net/netlabel/netlabel_unlabeled.c | 1 | ||||
| -rw-r--r-- | net/netlabel/netlabel_user.c | 4 | ||||
| -rw-r--r-- | net/netlabel/netlabel_user.h | 1 |
3 files changed, 5 insertions, 1 deletions
diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index d282ad1570a7..0099da5b2591 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c | |||
| @@ -1780,6 +1780,7 @@ int __init netlbl_unlabel_defconf(void) | |||
| 1780 | * messages so don't worry to much about these values. */ | 1780 | * messages so don't worry to much about these values. */ |
| 1781 | security_task_getsecid(current, &audit_info.secid); | 1781 | security_task_getsecid(current, &audit_info.secid); |
| 1782 | audit_info.loginuid = 0; | 1782 | audit_info.loginuid = 0; |
| 1783 | audit_info.sessionid = 0; | ||
| 1783 | 1784 | ||
| 1784 | entry = kzalloc(sizeof(*entry), GFP_KERNEL); | 1785 | entry = kzalloc(sizeof(*entry), GFP_KERNEL); |
| 1785 | if (entry == NULL) | 1786 | if (entry == NULL) |
diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index b17d4203806e..68706b4e3bf8 100644 --- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c | |||
| @@ -107,7 +107,9 @@ struct audit_buffer *netlbl_audit_start_common(int type, | |||
| 107 | if (audit_buf == NULL) | 107 | if (audit_buf == NULL) |
| 108 | return NULL; | 108 | return NULL; |
| 109 | 109 | ||
| 110 | audit_log_format(audit_buf, "netlabel: auid=%u", audit_info->loginuid); | 110 | audit_log_format(audit_buf, "netlabel: auid=%u ses=%u", |
| 111 | audit_info->loginuid, | ||
| 112 | audit_info->sessionid); | ||
| 111 | 113 | ||
| 112 | if (audit_info->secid != 0 && | 114 | if (audit_info->secid != 0 && |
| 113 | security_secid_to_secctx(audit_info->secid, | 115 | security_secid_to_secctx(audit_info->secid, |
diff --git a/net/netlabel/netlabel_user.h b/net/netlabel/netlabel_user.h index 6d7f4ab46c2b..6caef8b20611 100644 --- a/net/netlabel/netlabel_user.h +++ b/net/netlabel/netlabel_user.h | |||
| @@ -51,6 +51,7 @@ static inline void netlbl_netlink_auditinfo(struct sk_buff *skb, | |||
| 51 | { | 51 | { |
| 52 | audit_info->secid = NETLINK_CB(skb).sid; | 52 | audit_info->secid = NETLINK_CB(skb).sid; |
| 53 | audit_info->loginuid = NETLINK_CB(skb).loginuid; | 53 | audit_info->loginuid = NETLINK_CB(skb).loginuid; |
| 54 | audit_info->sessionid = NETLINK_CB(skb).sessionid; | ||
| 54 | } | 55 | } |
| 55 | 56 | ||
| 56 | /* NetLabel NETLINK I/O functions */ | 57 | /* NetLabel NETLINK I/O functions */ |