diff options
| author | Richard Guy Briggs <rgb@redhat.com> | 2014-09-18 20:47:48 -0400 |
|---|---|---|
| committer | Paul Moore <pmoore@redhat.com> | 2014-09-22 17:02:10 -0400 |
| commit | 4093a8443941d7021c7f747474a87a56cf666270 (patch) | |
| tree | 46febf759a27726f3807e4219b780174ae94283c /security | |
| parent | e173fb2646a832b424c80904c306b816760ce477 (diff) | |
selinux: normalize audit log formatting
Restructure to keyword=value pairs without spaces. Drop superfluous words in
text. Make invalid_context a keyword. Change result= keyword to seresult=.
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
[Minor rewrite to the patch subject line]
Signed-off-by: Paul Moore <pmoore@redhat.com>
Diffstat (limited to 'security')
| -rw-r--r-- | security/selinux/ss/services.c | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 2aa9d172dc7e..a1d3944751b9 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c | |||
| @@ -728,7 +728,7 @@ static int security_validtrans_handle_fail(struct context *ocontext, | |||
| 728 | if (context_struct_to_string(tcontext, &t, &tlen)) | 728 | if (context_struct_to_string(tcontext, &t, &tlen)) |
| 729 | goto out; | 729 | goto out; |
| 730 | audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR, | 730 | audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR, |
| 731 | "security_validate_transition: denied for" | 731 | "op=security_validate_transition seresult=denied" |
| 732 | " oldcontext=%s newcontext=%s taskcontext=%s tclass=%s", | 732 | " oldcontext=%s newcontext=%s taskcontext=%s tclass=%s", |
| 733 | o, n, t, sym_name(&policydb, SYM_CLASSES, tclass-1)); | 733 | o, n, t, sym_name(&policydb, SYM_CLASSES, tclass-1)); |
| 734 | out: | 734 | out: |
| @@ -877,7 +877,7 @@ int security_bounded_transition(u32 old_sid, u32 new_sid) | |||
| 877 | audit_log(current->audit_context, | 877 | audit_log(current->audit_context, |
| 878 | GFP_ATOMIC, AUDIT_SELINUX_ERR, | 878 | GFP_ATOMIC, AUDIT_SELINUX_ERR, |
| 879 | "op=security_bounded_transition " | 879 | "op=security_bounded_transition " |
| 880 | "result=denied " | 880 | "seresult=denied " |
| 881 | "oldcontext=%s newcontext=%s", | 881 | "oldcontext=%s newcontext=%s", |
| 882 | old_name, new_name); | 882 | old_name, new_name); |
| 883 | } | 883 | } |
| @@ -1351,8 +1351,8 @@ static int compute_sid_handle_invalid_context( | |||
| 1351 | if (context_struct_to_string(newcontext, &n, &nlen)) | 1351 | if (context_struct_to_string(newcontext, &n, &nlen)) |
| 1352 | goto out; | 1352 | goto out; |
| 1353 | audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR, | 1353 | audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR, |
| 1354 | "security_compute_sid: invalid context %s" | 1354 | "op=security_compute_sid invalid_context=%s" |
| 1355 | " for scontext=%s" | 1355 | " scontext=%s" |
| 1356 | " tcontext=%s" | 1356 | " tcontext=%s" |
| 1357 | " tclass=%s", | 1357 | " tclass=%s", |
| 1358 | n, s, t, sym_name(&policydb, SYM_CLASSES, tclass-1)); | 1358 | n, s, t, sym_name(&policydb, SYM_CLASSES, tclass-1)); |
| @@ -2607,8 +2607,10 @@ int security_sid_mls_copy(u32 sid, u32 mls_sid, u32 *new_sid) | |||
| 2607 | rc = convert_context_handle_invalid_context(&newcon); | 2607 | rc = convert_context_handle_invalid_context(&newcon); |
| 2608 | if (rc) { | 2608 | if (rc) { |
| 2609 | if (!context_struct_to_string(&newcon, &s, &len)) { | 2609 | if (!context_struct_to_string(&newcon, &s, &len)) { |
| 2610 | audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR, | 2610 | audit_log(current->audit_context, |
| 2611 | "security_sid_mls_copy: invalid context %s", s); | 2611 | GFP_ATOMIC, AUDIT_SELINUX_ERR, |
| 2612 | "op=security_sid_mls_copy " | ||
| 2613 | "invalid_context=%s", s); | ||
| 2612 | kfree(s); | 2614 | kfree(s); |
| 2613 | } | 2615 | } |
| 2614 | goto out_unlock; | 2616 | goto out_unlock; |