aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorRichard Guy Briggs <rgb@redhat.com>2014-06-16 15:52:07 -0400
committerMimi Zohar <zohar@linux.vnet.ibm.com>2014-07-17 09:35:10 -0400
commit7e9001f663636116fdc2ea7978f0350849ced624 (patch)
tree43500e733d4de5bf4a10e95c0f77542acb3d2cb0 /security
parent209b43ca64a6f2b0c7ac66b457f530c52d608c3e (diff)
audit: fix dangling keywords in integrity ima message output
Replace spaces in op keyword labels in log output since userspace audit tools can't parse orphaned keywords. Reported-by: Steve Grubb <sgrubb@redhat.com> Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'security')
-rw-r--r--security/integrity/ima/ima_appraise.c2
-rw-r--r--security/integrity/ima/ima_policy.c6
2 files changed, 4 insertions, 4 deletions
diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
index d3113d4aaa3c..59ac90275070 100644
--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -214,7 +214,7 @@ int ima_appraise_measurement(int func, struct integrity_iint_cache *iint,
214 hash_start = 1; 214 hash_start = 1;
215 case IMA_XATTR_DIGEST: 215 case IMA_XATTR_DIGEST:
216 if (iint->flags & IMA_DIGSIG_REQUIRED) { 216 if (iint->flags & IMA_DIGSIG_REQUIRED) {
217 cause = "IMA signature required"; 217 cause = "IMA-signature-required";
218 status = INTEGRITY_FAIL; 218 status = INTEGRITY_FAIL;
219 break; 219 break;
220 } 220 }
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index 40a7488f6721..cea84d8bd7be 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -332,7 +332,7 @@ void __init ima_init_policy(void)
332void ima_update_policy(void) 332void ima_update_policy(void)
333{ 333{
334 static const char op[] = "policy_update"; 334 static const char op[] = "policy_update";
335 const char *cause = "already exists"; 335 const char *cause = "already-exists";
336 int result = 1; 336 int result = 1;
337 int audit_info = 0; 337 int audit_info = 0;
338 338
@@ -659,7 +659,7 @@ ssize_t ima_parse_add_rule(char *rule)
659 /* Prevent installed policy from changing */ 659 /* Prevent installed policy from changing */
660 if (ima_rules != &ima_default_rules) { 660 if (ima_rules != &ima_default_rules) {
661 integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL, 661 integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL,
662 NULL, op, "already exists", 662 NULL, op, "already-exists",
663 -EACCES, audit_info); 663 -EACCES, audit_info);
664 return -EACCES; 664 return -EACCES;
665 } 665 }
@@ -685,7 +685,7 @@ ssize_t ima_parse_add_rule(char *rule)
685 if (result) { 685 if (result) {
686 kfree(entry); 686 kfree(entry);
687 integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL, 687 integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL,
688 NULL, op, "invalid policy", result, 688 NULL, op, "invalid-policy", result,
689 audit_info); 689 audit_info);
690 return result; 690 return result;
691 } 691 }