On Fri, Nov 01, 2013 at 12:34:55PM -0400, Steve Grubb wrote: > On Friday, November 01, 2013 12:24:55 PM Richard Guy Briggs wrote: > > On Thu, Oct 31, 2013 at 12:25:55PM -0700, William Roberts wrote: > > > > + if (msg_type != AUDIT_USER_TTY) { > > > > + char fmt[64]; > > > > + strcat(fmt, " msg='%."); > > > > + strcat(fmt, "AUDIT_MESSAGE_TEXT_MAX"); > > > > + strcat(fmt, "s'"); > > > > + audit_log_format(ab, fmt, (char *)data); > > > > + } else { > > > > > > I am ok with this. In fact I was going to do this the first time, but I > > > thought their would be some explicit reason to avoid the additional > > > run time overhead as the concat could be made at compile time. > > > > Ok, this was in danger of starting with fmt in an unknown state. Latest > > patch: > > > > diff --git a/kernel/audit.c b/kernel/audit.c > > @@ -148,6 +148,8 @@ DEFINE_MUTEX(audit_cmd_mutex); > > * should be at least that large. */ > > #define AUDIT_BUFSIZ 1024 > > > > +char usermsg_format[64] = ""; > > You might want this ^^^ to be static so its not global in scope.
Yup, good point. Thanks. > -Steve > > > /* AUDIT_MAXFREE is the number of empty audit_buffers we keep on the > > * audit_freelist. Doing so eliminates many kmalloc/kfree calls. */ > > #define AUDIT_MAXFREE (2*NR_CPUS) > > @@ -714,11 +716,15 @@ static int audit_receive_msg(struct sk_buff *skb, > > struct nlmsghdr *nlh) break; > > } > > audit_log_common_recv_msg(&ab, msg_type); > > - if (msg_type != AUDIT_USER_TTY) > > - audit_log_format(ab, > > - " > > msg='%.AUDIT_MESSAGE_TEXT_MAXs'", > > + if (msg_type != AUDIT_USER_TTY) { > > + if (unlikely(usermsg_format[0] == 0)) > > + snprintf(usermsg_format, > > + sizeof(usermsg_format), > > + " msg=\'%%.%ds\'", > > + AUDIT_MESSAGE_TEXT_MAX); > > + audit_log_format(ab, usermsg_format, > > (char *)data); > > - else { > > + } else { > > int size; > > > > audit_log_format(ab, " data="); > > > > - RGB > > > > -- > > Richard Guy Briggs <rbri...@redhat.com> > > Senior Software Engineer > > Kernel Security > > AMER ENG Base Operating Systems > > Remote, Ottawa, Canada > > Voice: +1.647.777.2635 > > Internal: (81) 32635 > > Alt: +1.613.693.0684x3545 > > > > -- > > Linux-audit mailing list > > Linux-audit@redhat.com > > https://www.redhat.com/mailman/listinfo/linux-audit > - RGB -- Richard Guy Briggs <rbri...@redhat.com> Senior Software Engineer Kernel Security AMER ENG Base Operating Systems Remote, Ottawa, Canada Voice: +1.647.777.2635 Internal: (81) 32635 Alt: +1.613.693.0684x3545 -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit