On Mon, 2014-06-16 at 15:52 -0400, Richard Guy Briggs wrote: > Replace spaces in op keyword labels in log output since userspace audit tools > can't parse orphaned keywords.
The patch didn't apply cleanly to linux-integrity/#next. Please take a look at it (linux-integrity/#next-fixes). thanks, Mimi > Reported-by: Steve Grubb <sgr...@redhat.com> > Signed-off-by: Richard Guy Briggs <r...@redhat.com> > --- > security/integrity/ima/ima_appraise.c | 2 +- > security/integrity/ima/ima_policy.c | 6 +++--- > 2 files changed, 4 insertions(+), 4 deletions(-) > > diff --git a/security/integrity/ima/ima_appraise.c > b/security/integrity/ima/ima_appraise.c > index 734e946..61c95af 100644 > --- a/security/integrity/ima/ima_appraise.c > +++ b/security/integrity/ima/ima_appraise.c > @@ -214,7 +214,7 @@ int ima_appraise_measurement(int func, struct > integrity_iint_cache *iint, > hash_start = 1; > case IMA_XATTR_DIGEST: > if (iint->flags & IMA_DIGSIG_REQUIRED) { > - cause = "IMA signature required"; > + cause = "IMA-signature-required"; > status = INTEGRITY_FAIL; > break; > } > diff --git a/security/integrity/ima/ima_policy.c > b/security/integrity/ima/ima_policy.c > index a9c3d3c..dbdc528 100644 > --- a/security/integrity/ima/ima_policy.c > +++ b/security/integrity/ima/ima_policy.c > @@ -330,7 +330,7 @@ void __init ima_init_policy(void) > void ima_update_policy(void) > { > const char *op = "policy_update"; > - const char *cause = "already exists"; > + const char *cause = "already-exists"; > int result = 1; > int audit_info = 0; > > @@ -654,7 +654,7 @@ ssize_t ima_parse_add_rule(char *rule) > /* Prevent installed policy from changing */ > if (ima_rules != &ima_default_rules) { > integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL, > - NULL, op, "already exists", > + NULL, op, "already-exists", > -EACCES, audit_info); > return -EACCES; > } > @@ -680,7 +680,7 @@ ssize_t ima_parse_add_rule(char *rule) > if (result) { > kfree(entry); > integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL, > - NULL, op, "invalid policy", result, > + NULL, op, "invalid-policy", result, > audit_info); > return result; > } -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit