From mboxrd@z Thu Jan 1 00:00:00 1970 From: Stefan Berger Subject: Re: [PATCH 5/8] integrity: Add exe= and tty= before res= to integrity audits Date: Wed, 30 May 2018 08:17:49 -0400 Message-ID: <0c9616fe-b404-eeed-1cba-c920c31694fd@linux.vnet.ibm.com> References: <20180524201105.3179904-1-stefanb@linux.vnet.ibm.com> <20180524201105.3179904-6-stefanb@linux.vnet.ibm.com> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: Content-Language: en-MW Sender: linux-kernel-owner@vger.kernel.org To: Paul Moore Cc: zohar@linux.vnet.ibm.com, sgrubb@redhat.com, linux-integrity@vger.kernel.org, linux-audit@redhat.com, linux-kernel@vger.kernel.org List-Id: linux-audit@redhat.com On 05/29/2018 05:19 PM, Paul Moore wrote: > On Thu, May 24, 2018 at 4:11 PM, Stefan Berger > wrote: >> Use the new public audit functions to add the exe= and tty= >> parts to the integrity audit records. We place them before >> res=. >> >> Signed-off-by: Stefan Berger >> Suggested-by: Steve Grubb >> --- >> security/integrity/integrity_audit.c | 2 ++ >> 1 file changed, 2 insertions(+) >> >> diff --git a/security/integrity/integrity_audit.c b/security/integrity/integrity_audit.c >> index db30763d5525..8d25d3c4dcca 100644 >> --- a/security/integrity/integrity_audit.c >> +++ b/security/integrity/integrity_audit.c >> @@ -56,6 +56,8 @@ void integrity_audit_msg(int audit_msgno, struct inode *inode, >> audit_log_untrustedstring(ab, inode->i_sb->s_id); >> audit_log_format(ab, " ino=%lu", inode->i_ino); >> } >> + audit_log_d_path_exe(ab, current->mm); >> + audit_log_tty(ab, current); > NACK > > Please add the new fields to the end of the audit record, thank you. I put it there since Steve said '"res" is traditionally the last field in any event' (https://lkml.org/lkml/2018/5/22/539). I don't mind breaking with this tradition... > >> audit_log_format(ab, " res=%d", !result); >> audit_log_end(ab); >> }
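Review bot: the two calls added just before `audit_log_format(ab, " res=%d", !result);` put exe= and tty= in the middle of an existing record, and the commit message gives no reason beyond "We place them before res=". The rationale only appears later in the thread, as the convention that res= is traditionally the last field. The audit maintainer is asking for new fields at the end of the record, so the ordering needs to be settled between the two conventions before this is merged. The commit message should then state which rule was followed and why, so that anyone parsing these integrity records by field position knows what to expect. Separately, `current->mm` is passed to `audit_log_d_path_exe()` with no check in this hunk. It is worth confirming that the helper tolerates a NULL mm in case `integrity_audit_msg()` can be reached from a context without one.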