mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
synced 2024-12-29 09:12:07 +00:00
lsm_audit: avoid overloading the "key" audit field
The "key" field is used to associate records with the rule that triggered them, os it's not a good idea to overload it with an additional IPC key semantic. Moreover, as the classic "key" field is a text field, while the IPC key is numeric, AVC records containing the IPC key info actually confuse audit userspace, which tries to interpret the number as a hex-encoded string, thus showing garbage for example in the ausearch "interpret" output mode. Hence, change it to "ipc_key" to fix both issues and also make the meaning of this field more clear. Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> Reviewed-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
parent
d680c6b49c
commit
8e71168e2c
@ -224,7 +224,7 @@ static void dump_common_audit_data(struct audit_buffer *ab,
|
||||
case LSM_AUDIT_DATA_NONE:
|
||||
return;
|
||||
case LSM_AUDIT_DATA_IPC:
|
||||
audit_log_format(ab, " key=%d ", a->u.ipc_id);
|
||||
audit_log_format(ab, " ipc_key=%d ", a->u.ipc_id);
|
||||
break;
|
||||
case LSM_AUDIT_DATA_CAP:
|
||||
audit_log_format(ab, " capability=%d ", a->u.cap);
|
||||
|
Loading…
Reference in New Issue
Block a user