Re: [Linux-ima-user] [PATCH] audit: fix dangling keywords in integrity ima message output

Wednesday, 18 June 2014

On 14/06/17, Mimi Zohar wrote:
...
 On Mon, 2014-06-16 at 15:52 -0400, Richard Guy Briggs wrote:
 > Replace spaces in op keyword labels in log output since userspace audit tools
 > can't parse orphaned keywords.

 The patch didn't apply cleanly to linux-integrity/#next.  Please take a
 look at it (linux-integrity/#next-fixes). 
Looks like just the change from "const char *op" to "static const char
op[]" in the context.  Looks fine to me.

...
 thanks, 
Thanks Mimi.

...
 Mimi 

 > Reported-by: Steve Grubb <sgrubb(a)redhat.com&gt;
 > Signed-off-by: Richard Guy Briggs <rgb(a)redhat.com&gt;
 > ---
 >  security/integrity/ima/ima_appraise.c |    2 +-
 >  security/integrity/ima/ima_policy.c   |    6 +++---
 >  2 files changed, 4 insertions(+), 4 deletions(-)
 > 
 > diff --git a/security/integrity/ima/ima_appraise.c
b/security/integrity/ima/ima_appraise.c
 > index 734e946..61c95af 100644
 > --- a/security/integrity/ima/ima_appraise.c
 > +++ b/security/integrity/ima/ima_appraise.c
 > @@ -214,7 +214,7 @@ int ima_appraise_measurement(int func, struct
integrity_iint_cache *iint,
 >  		hash_start = 1;
 >  	case IMA_XATTR_DIGEST:
 >  		if (iint->flags & IMA_DIGSIG_REQUIRED) {
 > -			cause = "IMA signature required";
 > +			cause = "IMA-signature-required";
 >  			status = INTEGRITY_FAIL;
 >  			break;
 >  		}
 > diff --git a/security/integrity/ima/ima_policy.c
b/security/integrity/ima/ima_policy.c
 > index a9c3d3c..dbdc528 100644
 > --- a/security/integrity/ima/ima_policy.c
 > +++ b/security/integrity/ima/ima_policy.c
 > @@ -330,7 +330,7 @@ void __init ima_init_policy(void)
 >  void ima_update_policy(void)
 >  {
 >  	const char *op = "policy_update";
 > -	const char *cause = "already exists";
 > +	const char *cause = "already-exists";
 >  	int result = 1;
 >  	int audit_info = 0;
 > 
 > @@ -654,7 +654,7 @@ ssize_t ima_parse_add_rule(char *rule)
 >  	/* Prevent installed policy from changing */
 >  	if (ima_rules != &ima_default_rules) {
 >  		integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL,
 > -				    NULL, op, "already exists",
 > +				    NULL, op, "already-exists",
 >  				    -EACCES, audit_info);
 >  		return -EACCES;
 >  	}
 > @@ -680,7 +680,7 @@ ssize_t ima_parse_add_rule(char *rule)
 >  	if (result) {
 >  		kfree(entry);
 >  		integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL,
 > -				    NULL, op, "invalid policy", result,
 > +				    NULL, op, "invalid-policy", result,
 >  				    audit_info);
 >  		return result;
 >  	} 
- RGB

--
Richard Guy Briggs <rbriggs(a)redhat.com&gt;
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Re: [Linux-ima-user] [PATCH] audit: fix dangling keywords in integrity ima message output