Re: [Linux-ima-user] [PATCH] audit: fix dangling keywords in integrity ima message output

Mimi Zohar Tue, 17 Jun 2014 19:15:07 -0700

On Mon, 2014-06-16 at 15:52 -0400, Richard Guy Briggs wrote:
> Replace spaces in op keyword labels in log output since userspace audit tools
> can't parse orphaned keywords.


The patch didn't apply cleanly to linux-integrity/#next.  Please take a
look at it (linux-integrity/#next-fixes).

thanks,

Mimi 


> Reported-by: Steve Grubb <sgr...@redhat.com>
> Signed-off-by: Richard Guy Briggs <r...@redhat.com>
> ---
>  security/integrity/ima/ima_appraise.c |    2 +-
>  security/integrity/ima/ima_policy.c   |    6 +++---
>  2 files changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/security/integrity/ima/ima_appraise.c 
> b/security/integrity/ima/ima_appraise.c
> index 734e946..61c95af 100644
> --- a/security/integrity/ima/ima_appraise.c
> +++ b/security/integrity/ima/ima_appraise.c
> @@ -214,7 +214,7 @@ int ima_appraise_measurement(int func, struct 
> integrity_iint_cache *iint,
>               hash_start = 1;
>       case IMA_XATTR_DIGEST:
>               if (iint->flags & IMA_DIGSIG_REQUIRED) {
> -                     cause = "IMA signature required";
> +                     cause = "IMA-signature-required";
>                       status = INTEGRITY_FAIL;
>                       break;
>               }
> diff --git a/security/integrity/ima/ima_policy.c 
> b/security/integrity/ima/ima_policy.c
> index a9c3d3c..dbdc528 100644
> --- a/security/integrity/ima/ima_policy.c
> +++ b/security/integrity/ima/ima_policy.c
> @@ -330,7 +330,7 @@ void __init ima_init_policy(void)
>  void ima_update_policy(void)
>  {
>       const char *op = "policy_update";
> -     const char *cause = "already exists";
> +     const char *cause = "already-exists";
>       int result = 1;
>       int audit_info = 0;
> 
> @@ -654,7 +654,7 @@ ssize_t ima_parse_add_rule(char *rule)
>       /* Prevent installed policy from changing */
>       if (ima_rules != &ima_default_rules) {
>               integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL,
> -                                 NULL, op, "already exists",
> +                                 NULL, op, "already-exists",
>                                   -EACCES, audit_info);
>               return -EACCES;
>       }
> @@ -680,7 +680,7 @@ ssize_t ima_parse_add_rule(char *rule)
>       if (result) {
>               kfree(entry);
>               integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL,
> -                                 NULL, op, "invalid policy", result,
> +                                 NULL, op, "invalid-policy", result,
>                                   audit_info);
>               return result;
>       }



--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit

Re: [Linux-ima-user] [PATCH] audit: fix dangling keywords in integrity ima message output

Reply via email to