[AUDIT] add session id to audit messages

In order to correlate audit records to an individual login add a session id. This is incremented every time a user logs in and is included in almost all messages which currently output the auid. The field is labeled ses= or oses= Signed-off-by: Eric Paris <eparis@redhat.com>
author: Eric Paris <eparis@redhat.com> 2008-01-08 10:06:53 -0500
committer: Al Viro <viro@zeniv.linux.org.uk> 2008-02-01 14:06:51 -0500
commit: 4746ec5b01ed07205a91e4f7ed9de9d70f371407 (patch)
tree: 7a3a836b6178ccab24801e90b69c1159b2c23099 /security
parent: c2a7780efe37d01bdb3facc85a94663e6d67d4a8 (diff)
2 files changed, 13 insertions, 9 deletions
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index bee969432979..0341567665b3 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -172,9 +172,10 @@ static ssize_t sel_write_enforce(struct file * file, const char __user * buf,
                if (length)
                        goto out;
                audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
-                        "enforcing=%d old_enforcing=%d auid=%u", new_value, 
+                        "enforcing=%d old_enforcing=%d auid=%u ses=%u",
-                        selinux_enforcing,
+                        new_value, selinux_enforcing,
-                        audit_get_loginuid(current));
+                        audit_get_loginuid(current),
+                        audit_get_sessionid(current));
                selinux_enforcing = new_value;
                if (selinux_enforcing)
                        avc_ss_reset(0);
@@ -243,8 +244,9 @@ static ssize_t sel_write_disable(struct file * file, const char __user * buf,
                if (length < 0)
                        goto out;
                audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
-                        "selinux=0 auid=%u",
+                        "selinux=0 auid=%u ses=%u",
-                        audit_get_loginuid(current));
+                        audit_get_loginuid(current),
+                        audit_get_sessionid(current));
        }
        length = count;
@@ -356,8 +358,9 @@ out1:
                (security_get_allow_unknown() ? "allow" : "deny")));
        audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
-                "policy loaded auid=%u",
+                "policy loaded auid=%u ses=%u",
-                audit_get_loginuid(current));
+                audit_get_loginuid(current),
+                audit_get_sessionid(current));
 out:
        mutex_unlock(&sel_mutex);
        vfree(data);
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 819a6f91e801..fced6bccee76 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1905,11 +1905,12 @@ int security_set_bools(int len, int *values)
                if (!!values[i] != policydb.bool_val_to_struct[i]->state) {
                        audit_log(current->audit_context, GFP_ATOMIC,
                                AUDIT_MAC_CONFIG_CHANGE,
-                                "bool=%s val=%d old_val=%d auid=%u",
+                                "bool=%s val=%d old_val=%d auid=%u ses=%u",
                                policydb.p_bool_val_to_name[i],
                                !!values[i],
                                policydb.bool_val_to_struct[i]->state,
-                                audit_get_loginuid(current));
+                                audit_get_loginuid(current),
+                                audit_get_sessionid(current));
                }
                if (values[i]) {
                        policydb.bool_val_to_struct[i]->state = 1;
author	Eric Paris <eparis@redhat.com>	2008-01-08 10:06:53 -0500
committer	Al Viro <viro@zeniv.linux.org.uk>	2008-02-01 14:06:51 -0500
commit	4746ec5b01ed07205a91e4f7ed9de9d70f371407 (patch)
tree	7a3a836b6178ccab24801e90b69c1159b2c23099 /security
parent	c2a7780efe37d01bdb3facc85a94663e6d67d4a8 (diff)