Home Explore Help
Register Sign In
GfA
/
linux_kernel
5
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

audit: invalid op= values for rules

Various audit events dealing with adding, removing and updating rules result in
invalid values set for the op keys which result in embedded spaces in op=
values.

The invalid values are
        op="add rule"       set in kernel/auditfilter.c
        op="remove rule"    set in kernel/auditfilter.c
        op="remove rule"    set in kernel/audit_tree.c
        op="updated rules"  set in kernel/audit_watch.c
        op="remove rule"    set in kernel/audit_watch.c

Replace the space in the above values with an underscore character ('_').

Coded-by: Burn Alting <burn@swtf.dyndns.org>
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Burn Alting 11 years ago
parent
01478d7d60
commit
e7df61f4d1
3 changed files with 5 additions and 5 deletions
Split View Show Diff Stats
  1. 1 1
      kernel/audit_tree.c
  2. 2 2
      kernel/audit_watch.c
  3. 2 2
      kernel/auditfilter.c

+ 1 - 1
kernel/audit_tree.c
View File 

@@ -457,7 +457,7 @@ static void audit_log_remove_rule(struct audit_krule *rule)
 
 	if (unlikely(!ab))
 
 		return;
 
 	audit_log_format(ab, "op=");
 
-	audit_log_string(ab, "remove rule");
 
+	audit_log_string(ab, "remove_rule");
 
 	audit_log_format(ab, " dir=");
 
 	audit_log_untrustedstring(ab, rule->tree->pathname);
 
 	audit_log_key(ab, rule->filterkey);

+ 2 - 2
kernel/audit_watch.c
View File 

@@ -314,7 +314,7 @@ static void audit_update_watch(struct audit_parent *parent,
 
 					     &nentry->rule.list);
 
 			}
 
 
-			audit_watch_log_rule_change(r, owatch, "updated rules");
 
+			audit_watch_log_rule_change(r, owatch, "updated_rules");
 
 
 			call_rcu(&oentry->rcu, audit_free_rule_rcu);
 
 		}
 
@@ -342,7 +342,7 @@ static void audit_remove_parent_watches(struct audit_parent *parent)
 
 	list_for_each_entry_safe(w, nextw, &parent->watches, wlist) {
 
 		list_for_each_entry_safe(r, nextr, &w->rules, rlist) {
 
 			e = container_of(r, struct audit_entry, rule);
 
-			audit_watch_log_rule_change(r, w, "remove rule");
 
+			audit_watch_log_rule_change(r, w, "remove_rule");
 
 			list_del(&r->rlist);
 
 			list_del(&r->list);
 
 			list_del_rcu(&e->list);

+ 2 - 2
kernel/auditfilter.c
View File 

@@ -1060,7 +1060,7 @@ int audit_rule_change(int type, __u32 portid, int seq, void *data,
 
 			return PTR_ERR(entry);
 
 
 		err = audit_add_rule(entry);
 
-		audit_log_rule_change("add rule", &entry->rule, !err);
 
+		audit_log_rule_change("add_rule", &entry->rule, !err);
 
 		if (err)
 
 			audit_free_rule(entry);
 
 		break;
 
@@ -1070,7 +1070,7 @@ int audit_rule_change(int type, __u32 portid, int seq, void *data,
 
 			return PTR_ERR(entry);
 
 
 		err = audit_del_rule(entry);
 
-		audit_log_rule_change("remove rule", &entry->rule, !err);
 
+		audit_log_rule_change("remove_rule", &entry->rule, !err);
 
 		audit_free_rule(entry);
 
 		break;
 
 	default: