audit: invalid op= values for rules
Various audit events dealing with adding, removing and updating rules result in invalid values set for the op keys which result in embedded spaces in op= values. The invalid values are op="add rule" set in kernel/auditfilter.c op="remove rule" set in kernel/auditfilter.c op="remove rule" set in kernel/audit_tree.c op="updated rules" set in kernel/audit_watch.c op="remove rule" set in kernel/audit_watch.c Replace the space in the above values with an underscore character ('_'). Coded-by: Burn Alting <burn@swtf.dyndns.org> Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
This commit is contained in:
parent
01478d7d60
commit
e7df61f4d1
|
@ -457,7 +457,7 @@ static void audit_log_remove_rule(struct audit_krule *rule)
|
|||
if (unlikely(!ab))
|
||||
return;
|
||||
audit_log_format(ab, "op=");
|
||||
audit_log_string(ab, "remove rule");
|
||||
audit_log_string(ab, "remove_rule");
|
||||
audit_log_format(ab, " dir=");
|
||||
audit_log_untrustedstring(ab, rule->tree->pathname);
|
||||
audit_log_key(ab, rule->filterkey);
|
||||
|
|
|
@ -314,7 +314,7 @@ static void audit_update_watch(struct audit_parent *parent,
|
|||
&nentry->rule.list);
|
||||
}
|
||||
|
||||
audit_watch_log_rule_change(r, owatch, "updated rules");
|
||||
audit_watch_log_rule_change(r, owatch, "updated_rules");
|
||||
|
||||
call_rcu(&oentry->rcu, audit_free_rule_rcu);
|
||||
}
|
||||
|
@ -342,7 +342,7 @@ static void audit_remove_parent_watches(struct audit_parent *parent)
|
|||
list_for_each_entry_safe(w, nextw, &parent->watches, wlist) {
|
||||
list_for_each_entry_safe(r, nextr, &w->rules, rlist) {
|
||||
e = container_of(r, struct audit_entry, rule);
|
||||
audit_watch_log_rule_change(r, w, "remove rule");
|
||||
audit_watch_log_rule_change(r, w, "remove_rule");
|
||||
list_del(&r->rlist);
|
||||
list_del(&r->list);
|
||||
list_del_rcu(&e->list);
|
||||
|
|
|
@ -1060,7 +1060,7 @@ int audit_rule_change(int type, __u32 portid, int seq, void *data,
|
|||
return PTR_ERR(entry);
|
||||
|
||||
err = audit_add_rule(entry);
|
||||
audit_log_rule_change("add rule", &entry->rule, !err);
|
||||
audit_log_rule_change("add_rule", &entry->rule, !err);
|
||||
if (err)
|
||||
audit_free_rule(entry);
|
||||
break;
|
||||
|
@ -1070,7 +1070,7 @@ int audit_rule_change(int type, __u32 portid, int seq, void *data,
|
|||
return PTR_ERR(entry);
|
||||
|
||||
err = audit_del_rule(entry);
|
||||
audit_log_rule_change("remove rule", &entry->rule, !err);
|
||||
audit_log_rule_change("remove_rule", &entry->rule, !err);
|
||||
audit_free_rule(entry);
|
||||
break;
|
||||
default:
|
||||
|
|
Loading…
Reference in New Issue