From: Eric Paris <[email protected]> The login uid change record does not include the selinux context of the task logging in. Add that information.
(Updated from 2011-01: RHBZ:670328 -- RGB) Reported-by: Steve Grubb <[email protected]> Acked-by: James Morris <[email protected]> Signed-off-by: Eric Paris <[email protected]> Signed-off-by: Aristeu Rozanski <[email protected]> Signed-off-by: Richard Guy Briggs <[email protected]> --- kernel/auditsc.c | 10 ++++------ 1 files changed, 4 insertions(+), 6 deletions(-) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 3bc12d2..d8a54ef 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1983,12 +1983,10 @@ static void audit_log_set_loginuid(kuid_t koldloginuid, kuid_t kloginuid, ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_LOGIN); if (!ab) return; - audit_log_format(ab, "pid=%d uid=%u" - " old-auid=%u auid=%u old-ses=%u ses=%u" - " res=%d", - task_pid_nr(current), uid, - oldloginuid, loginuid, oldsessionid, sessionid, - !rc); + audit_log_format(ab, "pid=%d uid=%u", task_pid_nr(current), uid); + audit_log_task_context(ab); + audit_log_format(ab, " old-auid=%u auid=%u old-ses=%u ses=%u res=%d", + oldloginuid, loginuid, oldsessionid, sessionid, !rc); audit_log_end(ab); } -- 1.7.1 -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
