On Tuesday, October 23, 2012 08:58:35 AM Eric Paris wrote:
> RHBZ: 785936
> About to be posted upstream
>
> If the audit system collects a record about one process sending a signal
> to another process it includes in that collection the 'secid' or 'an int
> used to represent an SELinux label.' If SELinux is disabled it will
> collect a 0. The problem is that when we attempt to print that record
> we ask the LSM to convert the secid back to a string. Since there is no
> LSM it returns EOPNOTSUPP.
>
> Most code in the audit system checks if the secid is 0 and does not
> print LSM info in that case. The signal information code however forgot
> that check. Thus users will see a message in syslog indicating that
> converting the sid to string failed. Add the right check.
>
> Signed-off-by: Eric Paris <epa...@redhat.com>

Looks good to me.

Reviewed-by: Paul Moore <p...@paul-moore.com>

> --- > > diff --git a/kernel/auditsc.c b/kernel/auditsc.c > index 857f2e2..1f5cc03 100644 > --- a/kernel/auditsc.c > +++ b/kernel/auditsc.c > @@ -1195,12 +1195,14 @@ static int audit_log_pid_context(struct > audit_context *context, pid_t pid, > > audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid, auid, > uid, sessionid); > - if (security_secid_to_secctx(sid, &ctx, &len)) { > - audit_log_format(ab, " obj=(none)"); > - rc = 1; > - } else { > - audit_log_format(ab, " obj=%s", ctx); > - security_release_secctx(ctx, len); > + if (sid) { > + if (security_secid_to_secctx(sid, &ctx, &len)) { > + audit_log_format(ab, " obj=(none)"); > + rc = 1; > + } else { > + audit_log_format(ab, " obj=%s", ctx); > + security_release_secctx(ctx, len); > + } > } > audit_log_format(ab, " ocomm="); > audit_log_untrustedstring(ab, comm);

--
paul moore
www.paul-moore.com
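
Review bot: The new `if (sid)` guard in audit_log_pid_context() carries no comment explaining that a secid of 0 means no LSM label was collected, and for that case it changes more than the syslog message. When sid is 0 the record now has no obj= field at all, while the conversion-failure branch still writes " obj=(none)", and rc is no longer set to 1, so the return value for sid == 0 depends on how rc was initialised outside the visible context. Suggest a one-line comment above the guard and a sentence in the commit message confirming that both the missing field and the changed return value are intended.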