提交 e7df61f4 编写于 作者: B Burn Alting 提交者: Eric Paris

audit: invalid op= values for rules

Various audit events dealing with adding, removing and updating rules result in
invalid values set for the op keys which result in embedded spaces in op=
values.

The invalid values are
        op="add rule"       set in kernel/auditfilter.c
        op="remove rule"    set in kernel/auditfilter.c
        op="remove rule"    set in kernel/audit_tree.c
        op="updated rules"  set in kernel/audit_watch.c
        op="remove rule"    set in kernel/audit_watch.c

Replace the space in the above values with an underscore character ('_').
Coded-by: NBurn Alting <burn@swtf.dyndns.org>
Signed-off-by: NRichard Guy Briggs <rgb@redhat.com>
上级 01478d7d
...@@ -457,7 +457,7 @@ static void audit_log_remove_rule(struct audit_krule *rule) ...@@ -457,7 +457,7 @@ static void audit_log_remove_rule(struct audit_krule *rule)
if (unlikely(!ab)) if (unlikely(!ab))
return; return;
audit_log_format(ab, "op="); audit_log_format(ab, "op=");
audit_log_string(ab, "remove rule"); audit_log_string(ab, "remove_rule");
audit_log_format(ab, " dir="); audit_log_format(ab, " dir=");
audit_log_untrustedstring(ab, rule->tree->pathname); audit_log_untrustedstring(ab, rule->tree->pathname);
audit_log_key(ab, rule->filterkey); audit_log_key(ab, rule->filterkey);
......
...@@ -314,7 +314,7 @@ static void audit_update_watch(struct audit_parent *parent, ...@@ -314,7 +314,7 @@ static void audit_update_watch(struct audit_parent *parent,
&nentry->rule.list); &nentry->rule.list);
} }
audit_watch_log_rule_change(r, owatch, "updated rules"); audit_watch_log_rule_change(r, owatch, "updated_rules");
call_rcu(&oentry->rcu, audit_free_rule_rcu); call_rcu(&oentry->rcu, audit_free_rule_rcu);
} }
...@@ -342,7 +342,7 @@ static void audit_remove_parent_watches(struct audit_parent *parent) ...@@ -342,7 +342,7 @@ static void audit_remove_parent_watches(struct audit_parent *parent)
list_for_each_entry_safe(w, nextw, &parent->watches, wlist) { list_for_each_entry_safe(w, nextw, &parent->watches, wlist) {
list_for_each_entry_safe(r, nextr, &w->rules, rlist) { list_for_each_entry_safe(r, nextr, &w->rules, rlist) {
e = container_of(r, struct audit_entry, rule); e = container_of(r, struct audit_entry, rule);
audit_watch_log_rule_change(r, w, "remove rule"); audit_watch_log_rule_change(r, w, "remove_rule");
list_del(&r->rlist); list_del(&r->rlist);
list_del(&r->list); list_del(&r->list);
list_del_rcu(&e->list); list_del_rcu(&e->list);
......
...@@ -1060,7 +1060,7 @@ int audit_rule_change(int type, __u32 portid, int seq, void *data, ...@@ -1060,7 +1060,7 @@ int audit_rule_change(int type, __u32 portid, int seq, void *data,
return PTR_ERR(entry); return PTR_ERR(entry);
err = audit_add_rule(entry); err = audit_add_rule(entry);
audit_log_rule_change("add rule", &entry->rule, !err); audit_log_rule_change("add_rule", &entry->rule, !err);
if (err) if (err)
audit_free_rule(entry); audit_free_rule(entry);
break; break;
...@@ -1070,7 +1070,7 @@ int audit_rule_change(int type, __u32 portid, int seq, void *data, ...@@ -1070,7 +1070,7 @@ int audit_rule_change(int type, __u32 portid, int seq, void *data,
return PTR_ERR(entry); return PTR_ERR(entry);
err = audit_del_rule(entry); err = audit_del_rule(entry);
audit_log_rule_change("remove rule", &entry->rule, !err); audit_log_rule_change("remove_rule", &entry->rule, !err);
audit_free_rule(entry); audit_free_rule(entry);
break; break;
default: default:
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册