* [PATCH] auvirt: Add details to cgroup records
@ 2012-02-10 13:31 Marcelo Cerri
From: Marcelo Cerri @ 2012-02-10 13:31 UTC (permalink / raw)
To: linux-audit; +Cc: gcwilson, bryntcor
With this patch, auvirt prints additional information for cgroup records when
the option "--all-events" is given. It adds the device class, the path or
category of the device which is being allowed or denied, and the ACL.
---
tools/auvirt/auvirt.c | 31 ++++++++++++++++++++++++++++++-
1 files changed, 30 insertions(+), 1 deletions(-)
diff --git a/tools/auvirt/auvirt.c b/tools/auvirt/auvirt.c
index a89b097..e5c5ef6 100644
--- a/tools/auvirt/auvirt.c
+++ b/tools/auvirt/auvirt.c
@@ -80,6 +80,10 @@ struct event {
char *reason;
char *res_type;
char *res;
+ /* Fields specific for cgroup resources */
+ char *cgroup_class;
+ char *cgroup_detail;
+ char *cgroup_acl;
/* Fields specific for machine id events: */
char *seclevel;
/* Fields specific for avc events: */
@@ -123,6 +127,9 @@ void event_free(struct event *event)
free(event->comm);
free(event->seresult);
free(event->seperms);
+ free(event->cgroup_class);
+ free(event->cgroup_detail);
+ free(event->cgroup_acl);
free(event);
}
}
@@ -669,6 +676,22 @@ int add_resource(auparse_state_t *au, const char *uuid, uid_t uid, time_t time,
event->uid = uid;
event->start = time;
add_proof(event, au);
+
+ /* Get cgroup specific fields. */
+ if (strcmp("cgroup", res_type) == 0) {
+ event->cgroup_class = copy_str(auparse_find_field(au, "class"));
+ if (event->cgroup_class) {
+ const char *detail = NULL;
+ if (strcmp("path", event->cgroup_class) == 0) {
+ detail = auparse_find_field(au, "path");
+ } else if (strcmp("major", event->cgroup_class) == 0) {
+ detail = auparse_find_field(au, "category");
+ }
+ event->cgroup_detail = copy_str(detail);
+ }
+ event->cgroup_acl = copy_str(auparse_find_field(au, "acl"));
+ }
+
if (list_append(events, event) == NULL) {
event_free(event);
return 1;
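Review bot: The three lookups in the cgroup branch depend on field order. auparse_find_field() searches forward from the parser's current position, so `acl` is found only if it follows `class` and `path`/`category` in the record. Any cursor movement earlier in add_resource or inside add_proof() (neither visible in this hunk) also changes what is found. If the record producer does not guarantee that order, calling `auparse_first_field(au);` before each lookup would remove the dependency, assuming the cursor is still on the resource record at this point. A NULL result is stored the same way whether the field was absent or copy_str() failed (its body is not shown), so a report can silently lose the class or ACL column; a comment such as `/* cgroup fields are best-effort; NULL means absent or allocation failure */` would make that explicit. add_resource starts and ends outside the hunk.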
@@ -1105,7 +1128,13 @@ void print_event(struct event *event)
if (event->type == ET_RES) {
printf("\t%-12.12s", N(event->res_type));
printf("\t%-10.10s", N(event->reason));
- printf("\t%s", N(event->res));
+ if (strcmp("cgroup", event->res_type) != 0) {
+ printf("\t%s", N(event->res));
+ } else {
+ printf("\t%s\t%s\t%s", N(event->cgroup_class),
+ N(event->cgroup_acl),
+ N(event->cgroup_detail));
+ }
} else if (event->type == ET_MACHINE_ID) {
printf("\t%s", N(event->seclevel));
} else if (event->type == ET_AVC) {
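Review bot: The new `strcmp("cgroup", event->res_type)` passes `event->res_type` unguarded, while the line two above prints the same field through `N(...)`. That macro is not visible here, but its use suggests the field can be NULL for some resource events, in which case the call is undefined behaviour and would likely crash the report. Guard it, e.g. `if (event->res_type == NULL || strcmp("cgroup", event->res_type) != 0) {`. The `strcmp("cgroup", res_type)` added in add_resource may need the same guard if `res_type` can be NULL there. print_event starts and ends outside the hunk.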
--
1.7.1