From mboxrd@z Thu Jan 1 00:00:00 1970 From: Richard Guy Briggs Subject: [PATCH] loginuid change logging details Date: Fri, 17 Jan 2014 18:34:56 -0500 Message-ID: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: linux-audit@redhat.com Cc: Richard Guy Briggs List-Id: linux-audit@redhat.com I missed posting this before the holidays. I discovered this while adding other information to other message types. It seemed to me that loginuid changes were significantly missing context references. This patch adds that. Is this sufficient, or is there more information missing too? If this is sufficient, stop reading this cover letter and review the patch. If it is not sufficient, keep reading below... The question has been raised that perhaps we should be switching this to use audit_log_task_info() istead which adds a whole lot more information about this task. In the existing message pid uid are already given, before old-auid new-auid old-ses new-ses . The function audit_log_task_info() gives: ppid pid auid uid gid euid suid fsuid egid sgid fsgid tty ses comm exe res . So, pid uid are in the right order, along with new-auid (auid) new-ses (ses) but if we give the old-auid old-ses values first, then call audit_log_task_info(), the old values will preceed pid uid . Is this re-ordering acceptable to gain more information and reduce code duplicity? Richard Guy Briggs (1): audit: log task context when setting loginuid kernel/auditsc.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-)