Re: [PATCH] IPC_SET_PERM cleanup

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Linda Knippers <linda.knippers@hp.com>
To: Linux Audit Discussion <linux-audit@redhat.com>
Subject: Re: [PATCH] IPC_SET_PERM cleanup
Date: Fri, 05 May 2006 17:26:45 -0400	[thread overview]
Message-ID: <445BC315.6080601@hp.com> (raw)
In-Reply-To: <445BB351.2040303@hp.com>


In case anyone is interested, this is what the audit records
for an semctl IPC_SET look like with my patch.

Success case:
type=SYSCALL msg=audit(1146863632.117:98): arch=c000003e syscall=66
success=yes exit=0 a0=10000 a1=1 a2=1 a3=7fff2811c6f0 items=0 ppid=4355
pid=4367 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=pts1 comm="syscalls"
exe="/usr/local/eal3_testing/audit-test/syscalls/syscalls"
subj=user_u:system_r:unconfined_t:s0-s0:c0.c255
type=IPC_SET_PERM msg=audit(1146863632.117:98): new_qbytes=0 new_iuid=501
new_igid=0 new_mode=0
type=IPC msg=audit(1146863632.117:98): iuid=0 igid=0 mode=1c0
obj=user_u:system_r:unconfined_t:s0-s0:c0.c255

Failure case:
type=SYSCALL msg=audit(1146863632.369:102): arch=c000003e syscall=66
success=no exit=-1 a0=18000 a1=1 a2=1 a3=7fff11ca6280 items=0 ppid=4377
pid=4388 auid=500 uid=0 gid=0 euid=501 suid=0 fsuid=501 egid=0 sgid=0 fsgid=0
tty=pts1 comm="syscalls"
exe="/usr/local/eal3_testing/audit-test/syscalls/syscalls"
subj=user_u:system_r:unconfined_t:s0-s0:c0.c255
type=IPC_SET_PERM msg=audit(1146863632.369:102): new_qbytes=0 new_iuid=501
new_igid=0 new_mode=0
type=IPC msg=audit(1146863632.369:102): iuid=0 igid=0 mode=1c0
obj=user_u:system_r:unconfined_t:s0-s0:c0.c255

With the .22 kernel, they look like this:

Success case:
type=SYSCALL msg=audit(1146691872.791:94): arch=c000003e syscall=66
success=yes exit=0 a0=10000 a1=1 a2=1 a3=7fff328a7e70 items=0 pid=4327
auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=pts2 comm="syscalls"
exe="/usr/local/eal3_testing/audit-test/syscalls/syscalls"
subj=user_u:system_r:unconfined_t:s0-s0:c0.c255
type=IPC_SET_PERM msg=audit(1146691872.791:94):  new qbytes=0 new
iuid=501 new igid=0 new mode=0
obj=user_u:system_r:unconfined_t:s0-s0:c0.c255
type=IPC msg=audit(1146691872.791:94):  qbytes=5a5a5a5a5a5a5a5a iuid=0
igid=0 mode=1c0 obj=user_u:system_r:unconfined_t:s0-s0:c0.c255

Failure case:
type=SYSCALL msg=audit(1146691112.828:64): arch=c000003e syscall=66
success=no exit=-1 a0=8000 a1=1 a2=1 a3=7fff96610bd0 items=0 pid=3101
auid=500 uid=0 gid=0 euid=501 suid=0 fsuid=501 egid=0 sgid=0 fsgid=0
tty=pts2 comm="syscalls"
exe="/usr/local/eal3_testing/audit-test/syscalls/syscalls"
subj=user_u:system_r:unconfined_t:s0-s0:c0.c255
type=IPC msg=audit(1146691112.828:64):  qbytes=5a5a5a5a5a5a5a5a iuid=0
igid=0 mode=1c0 obj=user_u:system_r:unconfined_t:s0-s0:c0.c255

-- ljk

next prev parent reply	other threads:[~2006-05-05 21:26 UTC|newest]

Thread overview: 34+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-05-05 20:19 [PATCH] IPC_SET_PERM cleanup Linda Knippers
2006-05-05 20:42 ` Steve Grubb
2006-05-05 20:59   ` Linda Knippers
2006-05-09 14:51     ` Klaus Weidner
2006-05-05 21:26 ` Linda Knippers [this message]
2006-05-08 18:29 ` Dustin Kirkland
2006-05-08 18:29 ` Dustin Kirkland
2006-05-08 19:06   ` Linda Knippers
2006-05-09 14:59   ` Klaus Weidner
2006-05-09 15:05     ` Steve Grubb
2006-05-09 15:12       ` Linda Knippers
2006-05-09 15:21         ` Steve Grubb
2006-05-09 15:34           ` Linda Knippers
2006-05-09 15:55             ` Steve Grubb
2006-05-09 16:33               ` Klaus Weidner
2006-05-09 17:47               ` Linda Knippers
2006-05-09 18:15                 ` Klaus Weidner
2006-05-09 18:27                   ` Linda Knippers
2006-05-09 19:11                     ` Steve Grubb
2006-05-09 20:10                       ` Klaus Weidner
2006-05-09 20:36                         ` Klaus Weidner
2006-05-09 20:46                           ` Linda Knippers
2006-05-10 14:02                             ` Steve Grubb
2006-05-10 16:29                               ` Klaus Weidner
2006-05-10 17:02                                 ` Dustin Kirkland
2006-05-10 17:11                                   ` Klaus Weidner
2006-05-10 17:22                                     ` Linda Knippers
2006-05-10 17:29                                     ` Steve Grubb
2006-05-10 18:10                                       ` Klaus Weidner
2006-05-10 17:28                                 ` Steve Grubb
2006-05-10 18:05                                   ` Linda Knippers
2006-05-10 18:20                                     ` Steve Grubb
2006-05-09 15:53           ` Amy Griffis
2006-05-09 15:07 ` Steve Grubb

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=445BC315.6080601@hp.com \
    --to=linda.knippers@hp.com \
    --cc=linux-audit@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.