[PATCH 0/2] kernel AUDIT_LOGIN event is missing subject label

[PATCH 0/2] kernel AUDIT_LOGIN event is missing subject label

[Richard Guy Briggs]

This was fixed in RHEL6 as BZ 670328, but never upstreamed.

Eric Paris (1):
  audit: include subject in login records

Richard Guy Briggs (1):
  audit: remove superfluous new- prefix in AUDIT_LOGIN messages

 kernel/auditsc.c |   10 ++++------
 1 files changed, 4 insertions(+), 6 deletions(-)

[PATCH 1/2] audit: remove superfluous new- prefix in AUDIT_LOGIN messages

[Richard Guy Briggs]

The new- prefix on ses and auid are un-necessary and break ausearch.

Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
---
 kernel/auditsc.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index eb01d47..3bc12d2 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1984,7 +1984,7 @@ static void audit_log_set_loginuid(kuid_t koldloginuid, kuid_t kloginuid,
 	if (!ab)
 		return;
 	audit_log_format(ab, "pid=%d uid=%u"
-			 " old-auid=%u new-auid=%u old-ses=%u new-ses=%u"
+			 " old-auid=%u auid=%u old-ses=%u ses=%u"
 			 " res=%d",
 			 task_pid_nr(current), uid,
 			 oldloginuid, loginuid, oldsessionid, sessionid,
-- 
1.7.1

[PATCH 1/2] audit: remove superfluous new- prefix in AUDIT_LOGIN messages

[Richard Guy Briggs]

The new- prefix on ses and auid are un-necessary and break ausearch.

Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
---
 kernel/auditsc.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index eb01d47..3bc12d2 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1984,7 +1984,7 @@ static void audit_log_set_loginuid(kuid_t koldloginuid, kuid_t kloginuid,
 	if (!ab)
 		return;
 	audit_log_format(ab, "pid=%d uid=%u"
-			 " old-auid=%u new-auid=%u old-ses=%u new-ses=%u"
+			 " old-auid=%u auid=%u old-ses=%u ses=%u"
 			 " res=%d",
 			 task_pid_nr(current), uid,
 			 oldloginuid, loginuid, oldsessionid, sessionid,
-- 
1.7.1

[PATCH 2/2] audit: include subject in login records

[Richard Guy Briggs]

From: Eric Paris <eparis@redhat.com>

The login uid change record does not include the selinux context of the
task logging in.  Add that information.

(Updated from 2011-01: RHBZ:670328 -- RGB)

Reported-by: Steve Grubb <sgrubb@redhat.com>
Acked-by: James Morris <jmorris@redhat.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Aristeu Rozanski <arozansk@redhat.com>
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
---
 kernel/auditsc.c |   10 ++++------
 1 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 3bc12d2..d8a54ef 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1983,12 +1983,10 @@ static void audit_log_set_loginuid(kuid_t koldloginuid, kuid_t kloginuid,
 	ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_LOGIN);
 	if (!ab)
 		return;
-	audit_log_format(ab, "pid=%d uid=%u"
-			 " old-auid=%u auid=%u old-ses=%u ses=%u"
-			 " res=%d",
-			 task_pid_nr(current), uid,
-			 oldloginuid, loginuid, oldsessionid, sessionid,
-			 !rc);
+	audit_log_format(ab, "pid=%d uid=%u", task_pid_nr(current), uid);
+	audit_log_task_context(ab);
+	audit_log_format(ab, " old-auid=%u auid=%u old-ses=%u ses=%u res=%d",
+			 oldloginuid, loginuid, oldsessionid, sessionid, !rc);
 	audit_log_end(ab);
 }
 
-- 
1.7.1