* [PATCH] audit: fix dangling keywords in integrity ima message output
@ 2014-06-16 19:52 Richard Guy Briggs
2014-06-18 2:08 ` [Linux-ima-user] " Mimi Zohar
0 siblings, 1 reply; 3+ messages in thread
From: Richard Guy Briggs @ 2014-06-16 19:52 UTC (permalink / raw)
To: linux-audit, linux-kernel, linux-security-module, linux-ima-user
Cc: Mimi Zohar, Dmitry Kasatkin, Richard Guy Briggs
Replace spaces in op keyword labels in log output since userspace audit tools
can't parse orphaned keywords.
Reported-by: Steve Grubb <sgrubb@redhat.com>
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
---
security/integrity/ima/ima_appraise.c | 2 +-
security/integrity/ima/ima_policy.c | 6 +++---
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
index 734e946..61c95af 100644
--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -214,7 +214,7 @@ int ima_appraise_measurement(int func, struct integrity_iint_cache *iint,
hash_start = 1;
case IMA_XATTR_DIGEST:
if (iint->flags & IMA_DIGSIG_REQUIRED) {
- cause = "IMA signature required";
+ cause = "IMA-signature-required";
status = INTEGRITY_FAIL;
break;
}
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index a9c3d3c..dbdc528 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -330,7 +330,7 @@ void __init ima_init_policy(void)
void ima_update_policy(void)
{
const char *op = "policy_update";
- const char *cause = "already exists";
+ const char *cause = "already-exists";
int result = 1;
int audit_info = 0;
@@ -654,7 +654,7 @@ ssize_t ima_parse_add_rule(char *rule)
/* Prevent installed policy from changing */
if (ima_rules != &ima_default_rules) {
integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL,
- NULL, op, "already exists",
+ NULL, op, "already-exists",
-EACCES, audit_info);
return -EACCES;
}
@@ -680,7 +680,7 @@ ssize_t ima_parse_add_rule(char *rule)
if (result) {
kfree(entry);
integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL,
- NULL, op, "invalid policy", result,
+ NULL, op, "invalid-policy", result,
audit_info);
return result;
}
--
1.7.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [Linux-ima-user] [PATCH] audit: fix dangling keywords in integrity ima message output
2014-06-16 19:52 [PATCH] audit: fix dangling keywords in integrity ima message output Richard Guy Briggs
@ 2014-06-18 2:08 ` Mimi Zohar
2014-06-19 2:23 ` Richard Guy Briggs
0 siblings, 1 reply; 3+ messages in thread
From: Mimi Zohar @ 2014-06-18 2:08 UTC (permalink / raw)
To: Richard Guy Briggs
Cc: linux-audit, linux-kernel, linux-security-module, linux-ima-user,
Mimi Zohar
On Mon, 2014-06-16 at 15:52 -0400, Richard Guy Briggs wrote:
> Replace spaces in op keyword labels in log output since userspace audit tools
> can't parse orphaned keywords.
The patch didn't apply cleanly to linux-integrity/#next. Please take a
look at it (linux-integrity/#next-fixes).
thanks,
Mimi
> Reported-by: Steve Grubb <sgrubb@redhat.com>
> Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
> ---
> security/integrity/ima/ima_appraise.c | 2 +-
> security/integrity/ima/ima_policy.c | 6 +++---
> 2 files changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
> index 734e946..61c95af 100644
> --- a/security/integrity/ima/ima_appraise.c
> +++ b/security/integrity/ima/ima_appraise.c
> @@ -214,7 +214,7 @@ int ima_appraise_measurement(int func, struct integrity_iint_cache *iint,
> hash_start = 1;
> case IMA_XATTR_DIGEST:
> if (iint->flags & IMA_DIGSIG_REQUIRED) {
> - cause = "IMA signature required";
> + cause = "IMA-signature-required";
> status = INTEGRITY_FAIL;
> break;
> }
> diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
> index a9c3d3c..dbdc528 100644
> --- a/security/integrity/ima/ima_policy.c
> +++ b/security/integrity/ima/ima_policy.c
> @@ -330,7 +330,7 @@ void __init ima_init_policy(void)
> void ima_update_policy(void)
> {
> const char *op = "policy_update";
> - const char *cause = "already exists";
> + const char *cause = "already-exists";
> int result = 1;
> int audit_info = 0;
>
> @@ -654,7 +654,7 @@ ssize_t ima_parse_add_rule(char *rule)
> /* Prevent installed policy from changing */
> if (ima_rules != &ima_default_rules) {
> integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL,
> - NULL, op, "already exists",
> + NULL, op, "already-exists",
> -EACCES, audit_info);
> return -EACCES;
> }
> @@ -680,7 +680,7 @@ ssize_t ima_parse_add_rule(char *rule)
> if (result) {
> kfree(entry);
> integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL,
> - NULL, op, "invalid policy", result,
> + NULL, op, "invalid-policy", result,
> audit_info);
> return result;
> }
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Linux-ima-user] [PATCH] audit: fix dangling keywords in integrity ima message output
2014-06-18 2:08 ` [Linux-ima-user] " Mimi Zohar
@ 2014-06-19 2:23 ` Richard Guy Briggs
0 siblings, 0 replies; 3+ messages in thread
From: Richard Guy Briggs @ 2014-06-19 2:23 UTC (permalink / raw)
To: Mimi Zohar
Cc: linux-audit, linux-kernel, linux-security-module, linux-ima-user,
Mimi Zohar
On 14/06/17, Mimi Zohar wrote:
> On Mon, 2014-06-16 at 15:52 -0400, Richard Guy Briggs wrote:
> > Replace spaces in op keyword labels in log output since userspace audit tools
> > can't parse orphaned keywords.
>
> The patch didn't apply cleanly to linux-integrity/#next. Please take a
> look at it (linux-integrity/#next-fixes).
Looks like just the change from "const char *op" to "static const char
op[]" in the context. Looks fine to me.
> thanks,
Thanks Mimi.
> Mimi
>
> > Reported-by: Steve Grubb <sgrubb@redhat.com>
> > Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
> > ---
> > security/integrity/ima/ima_appraise.c | 2 +-
> > security/integrity/ima/ima_policy.c | 6 +++---
> > 2 files changed, 4 insertions(+), 4 deletions(-)
> >
> > diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
> > index 734e946..61c95af 100644
> > --- a/security/integrity/ima/ima_appraise.c
> > +++ b/security/integrity/ima/ima_appraise.c
> > @@ -214,7 +214,7 @@ int ima_appraise_measurement(int func, struct integrity_iint_cache *iint,
> > hash_start = 1;
> > case IMA_XATTR_DIGEST:
> > if (iint->flags & IMA_DIGSIG_REQUIRED) {
> > - cause = "IMA signature required";
> > + cause = "IMA-signature-required";
> > status = INTEGRITY_FAIL;
> > break;
> > }
> > diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
> > index a9c3d3c..dbdc528 100644
> > --- a/security/integrity/ima/ima_policy.c
> > +++ b/security/integrity/ima/ima_policy.c
> > @@ -330,7 +330,7 @@ void __init ima_init_policy(void)
> > void ima_update_policy(void)
> > {
> > const char *op = "policy_update";
> > - const char *cause = "already exists";
> > + const char *cause = "already-exists";
> > int result = 1;
> > int audit_info = 0;
> >
> > @@ -654,7 +654,7 @@ ssize_t ima_parse_add_rule(char *rule)
> > /* Prevent installed policy from changing */
> > if (ima_rules != &ima_default_rules) {
> > integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL,
> > - NULL, op, "already exists",
> > + NULL, op, "already-exists",
> > -EACCES, audit_info);
> > return -EACCES;
> > }
> > @@ -680,7 +680,7 @@ ssize_t ima_parse_add_rule(char *rule)
> > if (result) {
> > kfree(entry);
> > integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL,
> > - NULL, op, "invalid policy", result,
> > + NULL, op, "invalid-policy", result,
> > audit_info);
> > return result;
> > }
- RGB
--
Richard Guy Briggs <rbriggs@redhat.com>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2014-06-19 2:23 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-06-16 19:52 [PATCH] audit: fix dangling keywords in integrity ima message output Richard Guy Briggs
2014-06-18 2:08 ` [Linux-ima-user] " Mimi Zohar
2014-06-19 2:23 ` Richard Guy Briggs
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox