diff options
author | Richard Guy Briggs <rgb@redhat.com> | 2014-06-16 15:52:07 -0400 |
---|---|---|
committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2014-07-17 09:35:10 -0400 |
commit | 7e9001f663636116fdc2ea7978f0350849ced624 (patch) | |
tree | 43500e733d4de5bf4a10e95c0f77542acb3d2cb0 /security | |
parent | 209b43ca64a6f2b0c7ac66b457f530c52d608c3e (diff) |
audit: fix dangling keywords in integrity ima message output
Replace spaces in op keyword labels in log output since userspace audit tools
can't parse orphaned keywords.
Reported-by: Steve Grubb <sgrubb@redhat.com>
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/integrity/ima/ima_appraise.c | 2 | ||||
-rw-r--r-- | security/integrity/ima/ima_policy.c | 6 |
2 files changed, 4 insertions, 4 deletions
diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index d3113d4aaa3c..59ac90275070 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c | |||
@@ -214,7 +214,7 @@ int ima_appraise_measurement(int func, struct integrity_iint_cache *iint, | |||
214 | hash_start = 1; | 214 | hash_start = 1; |
215 | case IMA_XATTR_DIGEST: | 215 | case IMA_XATTR_DIGEST: |
216 | if (iint->flags & IMA_DIGSIG_REQUIRED) { | 216 | if (iint->flags & IMA_DIGSIG_REQUIRED) { |
217 | cause = "IMA signature required"; | 217 | cause = "IMA-signature-required"; |
218 | status = INTEGRITY_FAIL; | 218 | status = INTEGRITY_FAIL; |
219 | break; | 219 | break; |
220 | } | 220 | } |
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 40a7488f6721..cea84d8bd7be 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c | |||
@@ -332,7 +332,7 @@ void __init ima_init_policy(void) | |||
332 | void ima_update_policy(void) | 332 | void ima_update_policy(void) |
333 | { | 333 | { |
334 | static const char op[] = "policy_update"; | 334 | static const char op[] = "policy_update"; |
335 | const char *cause = "already exists"; | 335 | const char *cause = "already-exists"; |
336 | int result = 1; | 336 | int result = 1; |
337 | int audit_info = 0; | 337 | int audit_info = 0; |
338 | 338 | ||
@@ -659,7 +659,7 @@ ssize_t ima_parse_add_rule(char *rule) | |||
659 | /* Prevent installed policy from changing */ | 659 | /* Prevent installed policy from changing */ |
660 | if (ima_rules != &ima_default_rules) { | 660 | if (ima_rules != &ima_default_rules) { |
661 | integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL, | 661 | integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL, |
662 | NULL, op, "already exists", | 662 | NULL, op, "already-exists", |
663 | -EACCES, audit_info); | 663 | -EACCES, audit_info); |
664 | return -EACCES; | 664 | return -EACCES; |
665 | } | 665 | } |
@@ -685,7 +685,7 @@ ssize_t ima_parse_add_rule(char *rule) | |||
685 | if (result) { | 685 | if (result) { |
686 | kfree(entry); | 686 | kfree(entry); |
687 | integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL, | 687 | integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL, |
688 | NULL, op, "invalid policy", result, | 688 | NULL, op, "invalid-policy", result, |
689 | audit_info); | 689 | audit_info); |
690 | return result; | 690 | return result; |
691 | } | 691 | } |