* auditsc.c : "error converting sid to string". Is this a bug?
@ 2011-07-22 17:17 Luke Lovett
2011-07-27 0:49 ` Casey Schaufler
0 siblings, 1 reply; 2+ messages in thread
From: Luke Lovett @ 2011-07-22 17:17 UTC (permalink / raw)
To: linux-audit; +Cc: Benjamin Kuperman, Isaac McCreery
Hello linux-audit mailing list,
I and my colleagues have been doing some stress testing of the linux
auditing system
and have been concerned by an error message that fills my screen.
The message reads "error converting sid to string." I have traced this
to the following (in auditsc.c):
static void show_special(struct audit_context *context, int *call_panic) {
...
switch (context->type) {
...
case AUDIT_IPC: {
u32 osid = context->ipc.osid;
audit_log_format(ab, "ouid=%u ogid=%u mode=%#o",
context->ipc.uid, context->ipc.gid, context->ipc.mode);
if (osid) {
char *ctx = NULL;
u32 len;
if (security_secid_to_secctx(osid, &ctx, &len)) {
audit_log_format(ab, " osid=%u", osid);
*call_panic = 1;
} else {
audit_log_format(ab, " obj=%s", ctx);
security_release_secctx(ctx, len);
}
}
}
...
}
...
}
"show_special" is a function called inside of audit_log_exit, also in auditsc.c.
The nonzero value of call_panic is what ultimately causes the message
to fill the screen (every time an audit log closes).
security_secid_to_secctx is defined as the following:
static inline int security_secid_to_secctx(u32 secid, char **secdata,
u32 *seclen)
{
return -EOPNOTSUPP;
}
where -EOPNOTSUPP == -122, and security_release_secctx does nothing at all.
I was wondering what these last two functions are supposed to be doing.
Right now, it looks like this part may be incomplete, but 'security.h', where
these last two functions are sourced, has comments at the top that date to 2001.
Is it necessary to print the "error converting sid to string" message?
Does anyone know the original intentions of these functions? Is there a fix I
should be aware of?
Thank you all.
Luke
^ permalink raw reply [flat|nested] 2+ messages in thread* Re: auditsc.c : "error converting sid to string". Is this a bug?
2011-07-22 17:17 auditsc.c : "error converting sid to string". Is this a bug? Luke Lovett
@ 2011-07-27 0:49 ` Casey Schaufler
0 siblings, 0 replies; 2+ messages in thread
From: Casey Schaufler @ 2011-07-27 0:49 UTC (permalink / raw)
To: Luke Lovett; +Cc: Isaac McCreery, linux-audit, Benjamin Kuperman
On 7/22/2011 10:17 AM, Luke Lovett wrote:
> Hello linux-audit mailing list,
>
> I and my colleagues have been doing some stress testing of the linux
> auditing system
> and have been concerned by an error message that fills my screen.
> The message reads "error converting sid to string." I have traced this
> to the following (in auditsc.c):
>
> static void show_special(struct audit_context *context, int *call_panic) {
>
> ...
>
> switch (context->type) {
>
> ...
>
> case AUDIT_IPC: {
> u32 osid = context->ipc.osid;
>
> audit_log_format(ab, "ouid=%u ogid=%u mode=%#o",
> context->ipc.uid, context->ipc.gid, context->ipc.mode);
> if (osid) {
> char *ctx = NULL;
> u32 len;
> if (security_secid_to_secctx(osid, &ctx, &len)) {
> audit_log_format(ab, " osid=%u", osid);
> *call_panic = 1;
> } else {
> audit_log_format(ab, " obj=%s", ctx);
> security_release_secctx(ctx, len);
> }
> }
>
>
> }
>
> ...
>
> }
>
> ...
>
> }
>
> "show_special" is a function called inside of audit_log_exit, also in auditsc.c.
>
> The nonzero value of call_panic is what ultimately causes the message
> to fill the screen (every time an audit log closes).
>
> security_secid_to_secctx is defined as the following:
>
> static inline int security_secid_to_secctx(u32 secid, char **secdata,
> u32 *seclen)
> {
> return -EOPNOTSUPP;
> }
>
> where -EOPNOTSUPP == -122, and security_release_secctx does nothing at all.
>
> I was wondering what these last two functions are supposed to be doing.
These are LSM hooks. If you have SELinux, AppArmor, TOMOYO or
Smack configured as your LSM the problem is a most likely in
the LSM. If none are configured it's a different issue.
> Right now, it looks like this part may be incomplete, but 'security.h', where
> these last two functions are sourced, has comments at the top that date to 2001.
> Is it necessary to print the "error converting sid to string" message?
> Does anyone know the original intentions of these functions? Is there a fix I
> should be aware of?
>
> Thank you all.
>
> Luke
>
> --
> Linux-audit mailing list
> Linux-audit@redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit
>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2011-07-27 0:49 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-07-22 17:17 auditsc.c : "error converting sid to string". Is this a bug? Luke Lovett
2011-07-27 0:49 ` Casey Schaufler
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox