From mboxrd@z Thu Jan  1 00:00:00 1970
From: Paul Moore <paul.moore@hp.com>
Subject: [PATCH] lsm: Use a compressed IPv6 string format in audit events
Date: Tue, 22 Sep 2009 23:59:14 -0700
Message-ID: <20090923065914.6580.31.stgit@flek>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
Received: from mx1.redhat.com (ext-mx03.extmail.prod.ext.phx2.redhat.com
	[10.5.110.7])
	by int-mx05.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id n8N6xr7r008451
	for <linux-audit@redhat.com>; Wed, 23 Sep 2009 02:59:54 -0400
Received: from g4t0016.houston.hp.com (g4t0016.houston.hp.com [15.201.24.19])
	by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id n8N6xfv6024562
	for <linux-audit@redhat.com>; Wed, 23 Sep 2009 02:59:41 -0400
Received: from g5t0030.atlanta.hp.com (g5t0030.atlanta.hp.com [16.228.8.142])
	by g4t0016.houston.hp.com (Postfix) with ESMTP id 0466514133
	for <linux-audit@redhat.com>; Wed, 23 Sep 2009 06:59:40 +0000 (UTC)
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

Currently the audit subsystem prints uncompressed IPv6 addresses which not
only differs from common usage but also results in ridiculously large audit
strings which is not a good thing.  This patch fixes this by simply converting
audit to always print compressed IPv6 addresses.

Old message example:

 audit(1253576792.161:30): avc:  denied  { ingress } for
  saddr=0000:0000:0000:0000:0000:0000:0000:0001 src=5000
  daddr=0000:0000:0000:0000:0000:0000:0000:0001 dest=35502 netif=lo
  scontext=system_u:object_r:unlabeled_t:s15:c0.c1023
  tcontext=system_u:object_r:lo_netif_t:s0-s15:c0.c1023 tclass=netif

New message example:

 audit(1253576792.161:30): avc:  denied  { ingress } for
  saddr=::1 src=5000 daddr=::1 dest=35502 netif=lo
  scontext=system_u:object_r:unlabeled_t:s15:c0.c1023
  tcontext=system_u:object_r:lo_netif_t:s0-s15:c0.c1023 tclass=netif

Signed-off-by: Paul Moore <paul.moore@hp.com>
---

 security/lsm_audit.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/security/lsm_audit.c b/security/lsm_audit.c
index 500aad0..3bb90b6 100644
--- a/security/lsm_audit.c
+++ b/security/lsm_audit.c
@@ -187,7 +187,7 @@ static inline void print_ipv6_addr(struct audit_buffer *ab,
 				   char *name1, char *name2)
 {
 	if (!ipv6_addr_any(addr))
-		audit_log_format(ab, " %s=%pI6", name1, addr);
+		audit_log_format(ab, " %s=%pI6c", name1, addr);
 	if (port)
 		audit_log_format(ab, " %s=%d", name2, ntohs(port));
 }