| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1403057323.6929.13.camel@dhcp-9-2-203-236.watson.ibm.com>
Date: Tue, 17 Jun 2014 22:08:43 -0400
From: Mimi Zohar <zohar@...ux.vnet.ibm.com>
To: Richard Guy Briggs <rgb@...hat.com>
Cc: linux-audit@...hat.com, linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org,
linux-ima-user@...ts.sourceforge.net, Mimi Zohar <zohar@...ibm.com>
Subject: Re: [Linux-ima-user] [PATCH] audit: fix dangling keywords in
integrity ima message output
On Mon, 2014-06-16 at 15:52 -0400, Richard Guy Briggs wrote:
> Replace spaces in op keyword labels in log output since userspace audit tools
> can't parse orphaned keywords.
The patch didn't apply cleanly to linux-integrity/#next. Please take a
look at it (linux-integrity/#next-fixes).
thanks,
Mimi
> Reported-by: Steve Grubb <sgrubb@...hat.com>
> Signed-off-by: Richard Guy Briggs <rgb@...hat.com>
> ---
> security/integrity/ima/ima_appraise.c | 2 +-
> security/integrity/ima/ima_policy.c | 6 +++---
> 2 files changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
> index 734e946..61c95af 100644
> --- a/security/integrity/ima/ima_appraise.c
> +++ b/security/integrity/ima/ima_appraise.c
> @@ -214,7 +214,7 @@ int ima_appraise_measurement(int func, struct integrity_iint_cache *iint,
> hash_start = 1;
> case IMA_XATTR_DIGEST:
> if (iint->flags & IMA_DIGSIG_REQUIRED) {
> - cause = "IMA signature required";
> + cause = "IMA-signature-required";
> status = INTEGRITY_FAIL;
> break;
> }
> diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
> index a9c3d3c..dbdc528 100644
> --- a/security/integrity/ima/ima_policy.c
> +++ b/security/integrity/ima/ima_policy.c
> @@ -330,7 +330,7 @@ void __init ima_init_policy(void)
> void ima_update_policy(void)
> {
> const char *op = "policy_update";
> - const char *cause = "already exists";
> + const char *cause = "already-exists";
> int result = 1;
> int audit_info = 0;
>
> @@ -654,7 +654,7 @@ ssize_t ima_parse_add_rule(char *rule)
> /* Prevent installed policy from changing */
> if (ima_rules != &ima_default_rules) {
> integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL,
> - NULL, op, "already exists",
> + NULL, op, "already-exists",
> -EACCES, audit_info);
> return -EACCES;
> }
> @@ -680,7 +680,7 @@ ssize_t ima_parse_add_rule(char *rule)
> if (result) {
> kfree(entry);
> integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL,
> - NULL, op, "invalid policy", result,
> + NULL, op, "invalid-policy", result,
> audit_info);
> return result;
> }
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists