diff options
author | David Woodhouse <dwmw2@shinybook.infradead.org> | 2005-05-23 21:35:28 +0100 |
---|---|---|
committer | David Woodhouse <dwmw2@shinybook.infradead.org> | 2005-05-23 21:35:28 +0100 |
commit | bccf6ae083318ea08094d6ab185fdf7c49906b3a (patch) | |
tree | 0dc4fabe9004aa666e646c69e976fda989c08565 | |
parent | bfb4496e7239c9132d732a65cdcf3d6a7431ad1a (diff) | |
download | op-kernel-dev-bccf6ae083318ea08094d6ab185fdf7c49906b3a.zip op-kernel-dev-bccf6ae083318ea08094d6ab185fdf7c49906b3a.tar.gz |
AUDIT: Unify auid reporting, put arch before syscall number
These changes make processing of audit logs easier. Based on a patch
from Steve Grubb <sgrubb@redhat.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
-rw-r--r-- | kernel/audit.c | 10 | ||||
-rw-r--r-- | kernel/auditsc.c | 8 |
2 files changed, 9 insertions, 9 deletions
diff --git a/kernel/audit.c b/kernel/audit.c index 35306f4..ef35166 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -234,7 +234,7 @@ static int audit_set_rate_limit(int limit, uid_t loginuid) int old = audit_rate_limit; audit_rate_limit = limit; audit_log(NULL, AUDIT_CONFIG_CHANGE, - "audit_rate_limit=%d old=%d by auid %u", + "audit_rate_limit=%d old=%d by auid=%u", audit_rate_limit, old, loginuid); return old; } @@ -244,7 +244,7 @@ static int audit_set_backlog_limit(int limit, uid_t loginuid) int old = audit_backlog_limit; audit_backlog_limit = limit; audit_log(NULL, AUDIT_CONFIG_CHANGE, - "audit_backlog_limit=%d old=%d by auid %u", + "audit_backlog_limit=%d old=%d by auid=%u", audit_backlog_limit, old, loginuid); return old; } @@ -256,7 +256,7 @@ static int audit_set_enabled(int state, uid_t loginuid) return -EINVAL; audit_enabled = state; audit_log(NULL, AUDIT_CONFIG_CHANGE, - "audit_enabled=%d old=%d by auid %u", + "audit_enabled=%d old=%d by auid=%u", audit_enabled, old, loginuid); return old; } @@ -270,7 +270,7 @@ static int audit_set_failure(int state, uid_t loginuid) return -EINVAL; audit_failure = state; audit_log(NULL, AUDIT_CONFIG_CHANGE, - "audit_failure=%d old=%d by auid %u", + "audit_failure=%d old=%d by auid=%u", audit_failure, old, loginuid); return old; } @@ -424,7 +424,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) int old = audit_pid; audit_pid = status_get->pid; audit_log(NULL, AUDIT_CONFIG_CHANGE, - "audit_pid=%d old=%d by auid %u", + "audit_pid=%d old=%d by auid=%u", audit_pid, old, loginuid); } if (status_get->mask & AUDIT_STATUS_RATE_LIMIT) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 74c2ae8..5fc4f52 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -307,7 +307,7 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data, if (!err && (flags & AUDIT_AT_EXIT)) err = audit_add_rule(entry, &audit_extlist); audit_log(NULL, AUDIT_CONFIG_CHANGE, - "auid %u added an audit rule\n", loginuid); + "auid=%u added an audit rule\n", loginuid); break; case AUDIT_DEL: flags =((struct audit_rule *)data)->flags; @@ -318,7 +318,7 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data, if (!err && (flags & AUDIT_AT_EXIT)) err = audit_del_rule(data, &audit_extlist); audit_log(NULL, AUDIT_CONFIG_CHANGE, - "auid %u removed an audit rule\n", loginuid); + "auid=%u removed an audit rule\n", loginuid); break; default: return -EINVAL; @@ -678,10 +678,10 @@ static void audit_log_exit(struct audit_context *context) ab = audit_log_start(context, AUDIT_SYSCALL); if (!ab) return; /* audit_panic has been called */ - audit_log_format(ab, "syscall=%d", context->major); + audit_log_format(ab, "arch=%x syscall=%d", + context->arch, context->major); if (context->personality != PER_LINUX) audit_log_format(ab, " per=%lx", context->personality); - audit_log_format(ab, " arch=%x", context->arch); if (context->return_valid) audit_log_format(ab, " success=%s exit=%ld", (context->return_valid==AUDITSC_SUCCESS)?"yes":"no", |