aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2008-01-08 10:06:53 -0500
committerAl Viro <viro@zeniv.linux.org.uk>2008-02-01 14:06:51 -0500
commit4746ec5b01ed07205a91e4f7ed9de9d70f371407 (patch)
tree7a3a836b6178ccab24801e90b69c1159b2c23099 /security
parentc2a7780efe37d01bdb3facc85a94663e6d67d4a8 (diff)
[AUDIT] add session id to audit messages
In order to correlate audit records to an individual login add a session id. This is incremented every time a user logs in and is included in almost all messages which currently output the auid. The field is labeled ses= or oses= Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'security')
-rw-r--r--security/selinux/selinuxfs.c17
-rw-r--r--security/selinux/ss/services.c5
2 files changed, 13 insertions, 9 deletions
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index bee969432979..0341567665b3 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -172,9 +172,10 @@ static ssize_t sel_write_enforce(struct file * file, const char __user * buf,
172 if (length) 172 if (length)
173 goto out; 173 goto out;
174 audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS, 174 audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
175 "enforcing=%d old_enforcing=%d auid=%u", new_value, 175 "enforcing=%d old_enforcing=%d auid=%u ses=%u",
176 selinux_enforcing, 176 new_value, selinux_enforcing,
177 audit_get_loginuid(current)); 177 audit_get_loginuid(current),
178 audit_get_sessionid(current));
178 selinux_enforcing = new_value; 179 selinux_enforcing = new_value;
179 if (selinux_enforcing) 180 if (selinux_enforcing)
180 avc_ss_reset(0); 181 avc_ss_reset(0);
@@ -243,8 +244,9 @@ static ssize_t sel_write_disable(struct file * file, const char __user * buf,
243 if (length < 0) 244 if (length < 0)
244 goto out; 245 goto out;
245 audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS, 246 audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
246 "selinux=0 auid=%u", 247 "selinux=0 auid=%u ses=%u",
247 audit_get_loginuid(current)); 248 audit_get_loginuid(current),
249 audit_get_sessionid(current));
248 } 250 }
249 251
250 length = count; 252 length = count;
@@ -356,8 +358,9 @@ out1:
356 (security_get_allow_unknown() ? "allow" : "deny"))); 358 (security_get_allow_unknown() ? "allow" : "deny")));
357 359
358 audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD, 360 audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
359 "policy loaded auid=%u", 361 "policy loaded auid=%u ses=%u",
360 audit_get_loginuid(current)); 362 audit_get_loginuid(current),
363 audit_get_sessionid(current));
361out: 364out:
362 mutex_unlock(&sel_mutex); 365 mutex_unlock(&sel_mutex);
363 vfree(data); 366 vfree(data);
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 819a6f91e801..fced6bccee76 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1905,11 +1905,12 @@ int security_set_bools(int len, int *values)
1905 if (!!values[i] != policydb.bool_val_to_struct[i]->state) { 1905 if (!!values[i] != policydb.bool_val_to_struct[i]->state) {
1906 audit_log(current->audit_context, GFP_ATOMIC, 1906 audit_log(current->audit_context, GFP_ATOMIC,
1907 AUDIT_MAC_CONFIG_CHANGE, 1907 AUDIT_MAC_CONFIG_CHANGE,
1908 "bool=%s val=%d old_val=%d auid=%u", 1908 "bool=%s val=%d old_val=%d auid=%u ses=%u",
1909 policydb.p_bool_val_to_name[i], 1909 policydb.p_bool_val_to_name[i],
1910 !!values[i], 1910 !!values[i],
1911 policydb.bool_val_to_struct[i]->state, 1911 policydb.bool_val_to_struct[i]->state,
1912 audit_get_loginuid(current)); 1912 audit_get_loginuid(current),
1913 audit_get_sessionid(current));
1913 } 1914 }
1914 if (values[i]) { 1915 if (values[i]) {
1915 policydb.bool_val_to_struct[i]->state = 1; 1916 policydb.bool_val_to_struct[i]->state = 1;