diff options
author | Eric Paris <eparis@redhat.com> | 2008-01-08 10:06:53 -0500 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2008-02-01 14:06:51 -0500 |
commit | 4746ec5b01ed07205a91e4f7ed9de9d70f371407 (patch) | |
tree | 7a3a836b6178ccab24801e90b69c1159b2c23099 /security | |
parent | c2a7780efe37d01bdb3facc85a94663e6d67d4a8 (diff) |
[AUDIT] add session id to audit messages
In order to correlate audit records to an individual login add a session
id. This is incremented every time a user logs in and is included in
almost all messages which currently output the auid. The field is
labeled ses= or oses=
Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/selinux/selinuxfs.c | 17 | ||||
-rw-r--r-- | security/selinux/ss/services.c | 5 |
2 files changed, 13 insertions, 9 deletions
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index bee969432979..0341567665b3 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c | |||
@@ -172,9 +172,10 @@ static ssize_t sel_write_enforce(struct file * file, const char __user * buf, | |||
172 | if (length) | 172 | if (length) |
173 | goto out; | 173 | goto out; |
174 | audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS, | 174 | audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS, |
175 | "enforcing=%d old_enforcing=%d auid=%u", new_value, | 175 | "enforcing=%d old_enforcing=%d auid=%u ses=%u", |
176 | selinux_enforcing, | 176 | new_value, selinux_enforcing, |
177 | audit_get_loginuid(current)); | 177 | audit_get_loginuid(current), |
178 | audit_get_sessionid(current)); | ||
178 | selinux_enforcing = new_value; | 179 | selinux_enforcing = new_value; |
179 | if (selinux_enforcing) | 180 | if (selinux_enforcing) |
180 | avc_ss_reset(0); | 181 | avc_ss_reset(0); |
@@ -243,8 +244,9 @@ static ssize_t sel_write_disable(struct file * file, const char __user * buf, | |||
243 | if (length < 0) | 244 | if (length < 0) |
244 | goto out; | 245 | goto out; |
245 | audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS, | 246 | audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS, |
246 | "selinux=0 auid=%u", | 247 | "selinux=0 auid=%u ses=%u", |
247 | audit_get_loginuid(current)); | 248 | audit_get_loginuid(current), |
249 | audit_get_sessionid(current)); | ||
248 | } | 250 | } |
249 | 251 | ||
250 | length = count; | 252 | length = count; |
@@ -356,8 +358,9 @@ out1: | |||
356 | (security_get_allow_unknown() ? "allow" : "deny"))); | 358 | (security_get_allow_unknown() ? "allow" : "deny"))); |
357 | 359 | ||
358 | audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD, | 360 | audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD, |
359 | "policy loaded auid=%u", | 361 | "policy loaded auid=%u ses=%u", |
360 | audit_get_loginuid(current)); | 362 | audit_get_loginuid(current), |
363 | audit_get_sessionid(current)); | ||
361 | out: | 364 | out: |
362 | mutex_unlock(&sel_mutex); | 365 | mutex_unlock(&sel_mutex); |
363 | vfree(data); | 366 | vfree(data); |
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 819a6f91e801..fced6bccee76 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c | |||
@@ -1905,11 +1905,12 @@ int security_set_bools(int len, int *values) | |||
1905 | if (!!values[i] != policydb.bool_val_to_struct[i]->state) { | 1905 | if (!!values[i] != policydb.bool_val_to_struct[i]->state) { |
1906 | audit_log(current->audit_context, GFP_ATOMIC, | 1906 | audit_log(current->audit_context, GFP_ATOMIC, |
1907 | AUDIT_MAC_CONFIG_CHANGE, | 1907 | AUDIT_MAC_CONFIG_CHANGE, |
1908 | "bool=%s val=%d old_val=%d auid=%u", | 1908 | "bool=%s val=%d old_val=%d auid=%u ses=%u", |
1909 | policydb.p_bool_val_to_name[i], | 1909 | policydb.p_bool_val_to_name[i], |
1910 | !!values[i], | 1910 | !!values[i], |
1911 | policydb.bool_val_to_struct[i]->state, | 1911 | policydb.bool_val_to_struct[i]->state, |
1912 | audit_get_loginuid(current)); | 1912 | audit_get_loginuid(current), |
1913 | audit_get_sessionid(current)); | ||
1913 | } | 1914 | } |
1914 | if (values[i]) { | 1915 | if (values[i]) { |
1915 | policydb.bool_val_to_struct[i]->state = 1; | 1916 | policydb.bool_val_to_struct[i]->state = 1; |