Re: [Linux-ima-user] [PATCH] audit: fix dangling keywords in integrity ima message output
On 14/06/17, Mimi Zohar wrote:
On Mon, 2014-06-16 at 15:52 -0400, Richard Guy Briggs wrote:
Replace spaces in op keyword labels in log output since userspace audit
tools
can't parse orphaned keywords.
The patch didn't apply cleanly to linux-integrity/#next. Please take a
look at it (linux-integrity/#next-fixes).
Looks like just the change from const char *op to static const char
op[] in the context. Looks fine to me.
thanks,
Thanks Mimi.
Mimi
Reported-by: Steve Grubb sgr...@redhat.com
Signed-off-by: Richard Guy Briggs r...@redhat.com
---
security/integrity/ima/ima_appraise.c |2 +-
security/integrity/ima/ima_policy.c |6 +++---
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/security/integrity/ima/ima_appraise.c
b/security/integrity/ima/ima_appraise.c
index 734e946..61c95af 100644
--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -214,7 +214,7 @@ int ima_appraise_measurement(int func, struct
integrity_iint_cache *iint,
hash_start = 1;
case IMA_XATTR_DIGEST:
if (iint-flags IMA_DIGSIG_REQUIRED) {
- cause = IMA signature required;
+ cause = IMA-signature-required;
status = INTEGRITY_FAIL;
break;
}
diff --git a/security/integrity/ima/ima_policy.c
b/security/integrity/ima/ima_policy.c
index a9c3d3c..dbdc528 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -330,7 +330,7 @@ void __init ima_init_policy(void)
void ima_update_policy(void)
{
const char *op = policy_update;
- const char *cause = already exists;
+ const char *cause = already-exists;
int result = 1;
int audit_info = 0;
@@ -654,7 +654,7 @@ ssize_t ima_parse_add_rule(char *rule)
/* Prevent installed policy from changing */
if (ima_rules != ima_default_rules) {
integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL,
- NULL, op, already exists,
+ NULL, op, already-exists,
-EACCES, audit_info);
return -EACCES;
}
@@ -680,7 +680,7 @@ ssize_t ima_parse_add_rule(char *rule)
if (result) {
kfree(entry);
integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL,
- NULL, op, invalid policy, result,
+ NULL, op, invalid-policy, result,
audit_info);
return result;
}
- RGB
--
Richard Guy Briggs rbri...@redhat.com
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red
Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
Re: [Linux-ima-user] [PATCH] audit: fix dangling keywords in integrity ima message output
On Mon, 2014-06-16 at 15:52 -0400, Richard Guy Briggs wrote:
Replace spaces in op keyword labels in log output since userspace audit tools
can't parse orphaned keywords.
The patch didn't apply cleanly to linux-integrity/#next. Please take a
look at it (linux-integrity/#next-fixes).
thanks,
Mimi
Reported-by: Steve Grubb sgr...@redhat.com
Signed-off-by: Richard Guy Briggs r...@redhat.com
---
security/integrity/ima/ima_appraise.c |2 +-
security/integrity/ima/ima_policy.c |6 +++---
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/security/integrity/ima/ima_appraise.c
b/security/integrity/ima/ima_appraise.c
index 734e946..61c95af 100644
--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -214,7 +214,7 @@ int ima_appraise_measurement(int func, struct
integrity_iint_cache *iint,
hash_start = 1;
case IMA_XATTR_DIGEST:
if (iint-flags IMA_DIGSIG_REQUIRED) {
- cause = IMA signature required;
+ cause = IMA-signature-required;
status = INTEGRITY_FAIL;
break;
}
diff --git a/security/integrity/ima/ima_policy.c
b/security/integrity/ima/ima_policy.c
index a9c3d3c..dbdc528 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -330,7 +330,7 @@ void __init ima_init_policy(void)
void ima_update_policy(void)
{
const char *op = policy_update;
- const char *cause = already exists;
+ const char *cause = already-exists;
int result = 1;
int audit_info = 0;
@@ -654,7 +654,7 @@ ssize_t ima_parse_add_rule(char *rule)
/* Prevent installed policy from changing */
if (ima_rules != ima_default_rules) {
integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL,
- NULL, op, already exists,
+ NULL, op, already-exists,
-EACCES, audit_info);
return -EACCES;
}
@@ -680,7 +680,7 @@ ssize_t ima_parse_add_rule(char *rule)
if (result) {
kfree(entry);
integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL,
- NULL, op, invalid policy, result,
+ NULL, op, invalid-policy, result,
audit_info);
return result;
}
--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
