On Tuesday, October 23, 2012 08:58:35 AM Eric Paris wrote:
> RHBZ: 785936
> About to be posted upstream
> 
> If the audit system collects a record about one process sending a signal
> to another process it includes in that collection the 'secid' or 'an int
> used to represet an SELinux label.'  If SELinux is disabled it will
> collect a 0.  The problem is that when we attempt to print that record
> we ask the LSM to convert the secid back to a string.  Since there is no
> LSM it returns EOPNOTSUPP.
> 
> Most code in the audit system checks if the secid is 0 and does not
> print LSM info in that case.  The signal information code however forgot
> that check.  Thus users will see a message in syslog indicating that
> converting the sid to string failed.  Add the right check.
> 
> Signed-off-by: Eric Paris <epa...@redhat.com>

Looks good to me.

Reviewed-by: Paul Moore <p...@paul-moore.com>

> ---
> 
> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> index 857f2e2..1f5cc03 100644
> --- a/kernel/auditsc.c
> +++ b/kernel/auditsc.c
> @@ -1195,12 +1195,14 @@ static int audit_log_pid_context(struct
> audit_context *context, pid_t pid,
> 
>       audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid, auid,
>                        uid, sessionid);
> -     if (security_secid_to_secctx(sid, &ctx, &len)) {
> -             audit_log_format(ab, " obj=(none)");
> -             rc = 1;
> -     } else {
> -             audit_log_format(ab, " obj=%s", ctx);
> -             security_release_secctx(ctx, len);
> +     if (sid) {
> +             if (security_secid_to_secctx(sid, &ctx, &len)) {
> +                     audit_log_format(ab, " obj=(none)");
> +                     rc = 1;
> +             } else {
> +                     audit_log_format(ab, " obj=%s", ctx);
> +                     security_release_secctx(ctx, len);
> +             }
>       }
>       audit_log_format(ab, " ocomm=");
>       audit_log_untrustedstring(ab, comm);

-- 
paul moore
www.paul-moore.com

--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit

Reply via email to