public inbox for linux-audit@redhat.com
From: Marcelo Cerri <mhcerri@linux.vnet.ibm.com>
To: linux-audit@redhat.com
Cc: gcwilson@us.ibm.com, bryntcor@us.ibm.com
Subject: [PATCH] auvirt: Add details to cgroup records
Date: Fri, 10 Feb 2012 11:31:52 -0200
Message-ID: <1328880712-27185-1-git-send-email-mhcerri@linux.vnet.ibm.com>

With this patch, auvirt prints additional information for cgroup records when
the option "--all-events" is given. It adds the device class, the path or
category of the device which is being allowed or denied, and the ACL.
---
 tools/auvirt/auvirt.c |   31 ++++++++++++++++++++++++++++++-
 1 files changed, 30 insertions(+), 1 deletions(-)

diff --git a/tools/auvirt/auvirt.c b/tools/auvirt/auvirt.c
index a89b097..e5c5ef6 100644
--- a/tools/auvirt/auvirt.c
+++ b/tools/auvirt/auvirt.c
@@ -80,6 +80,10 @@ struct event {
 	char *reason;
 	char *res_type;
 	char *res;
+	/* Fields specific for cgroup resources */
+	char *cgroup_class;
+	char *cgroup_detail;
+	char *cgroup_acl;
 	/* Fields specific for machine id events: */
 	char *seclevel;
 	/* Fields specific for avc events: */
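Review bot: the new comment above cgroup_class in struct event drops the trailing colon that the neighbouring "Fields specific for machine id events:" and "Fields specific for avc events:" comments use, and nothing says what cgroup_detail holds. Suggest matching the existing comment style and noting that cgroup_detail carries the record's "path" or "category" field, depending on the class.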
@@ -123,6 +127,9 @@ void event_free(struct event *event)
 		free(event->comm);
 		free(event->seresult);
 		free(event->seperms);
+		free(event->cgroup_class);
+		free(event->cgroup_detail);
+		free(event->cgroup_acl);
 		free(event);
 	}
 }
@@ -669,6 +676,22 @@ int add_resource(auparse_state_t *au, const char *uuid, uid_t uid, time_t time,
 	event->uid = uid;
 	event->start = time;
 	add_proof(event, au);
+
+	/* Get cgroup specific fields. */
+	if (strcmp("cgroup", res_type) == 0) {
+		event->cgroup_class = copy_str(auparse_find_field(au, "class"));
+		if (event->cgroup_class) {
+			const char *detail = NULL;
+			if (strcmp("path", event->cgroup_class) == 0) {
+				detail = auparse_find_field(au, "path");
+			} else if (strcmp("major", event->cgroup_class) == 0) {
+				detail = auparse_find_field(au, "category");
+			}
+			event->cgroup_detail = copy_str(detail);
+		}
+		event->cgroup_acl = copy_str(auparse_find_field(au, "acl"));
+	}
+
 	if (list_append(events, event) == NULL) {
 		event_free(event);
 		return 1;
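Review bot: in the cgroup block of add_resource(), the three auparse_find_field() calls run back to back, and each search starts from where the previous one left the cursor, so the result depends on the record listing class, then path or category, then acl in that order. A record with the fields in another order, or a lookup of "path" or "category" that finds nothing, may leave cgroup_acl empty even though the record carries an acl. Consider resetting the cursor before each lookup, or state the expected field order in the comment. Separately, a class other than "path" or "major" leaves cgroup_detail NULL without any indication; say in the comment whether that is intended.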
@@ -1105,7 +1128,13 @@ void print_event(struct event *event)
 	if (event->type == ET_RES) {
 		printf("\t%-12.12s", N(event->res_type));
 		printf("\t%-10.10s", N(event->reason));
-		printf("\t%s", N(event->res));
+		if (strcmp("cgroup", event->res_type) != 0) {
+			printf("\t%s", N(event->res));
+		} else {
+			printf("\t%s\t%s\t%s", N(event->cgroup_class),
+					N(event->cgroup_acl),
+					N(event->cgroup_detail));
+		}
 	} else if (event->type == ET_MACHINE_ID) {
 		printf("\t%s", N(event->seclevel));
 	} else if (event->type == ET_AVC) {
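Review bot: the added strcmp("cgroup", event->res_type) in print_event() dereferences event->res_type directly, while the line just above prints it through N(event->res_type), which suggests the field can be NULL. Guard the comparison, for example if (event->res_type && strcmp("cgroup", event->res_type) == 0), and keep the plain event->res output as the fallback branch. Also note that cgroup rows no longer print event->res at all and now carry three tab-separated columns where other resource types carry one, which anything parsing the --all-events output has to account for; the diffstat touches only auvirt.c, so the new columns are not documented anywhere in this patch.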
-- 
1.7.1
