Re: [redhat-lspp] [PATCH] newrole auditing of failures due to user actions

On Thu, 2006-09-28 at 14:37 -0500, Michael C Thompson wrote: > This patch introduces two new point in the code where audit records are > generated for newrole. Both points are when the attempt to newrole fails. > > The first point is when the default type could not be determine for the > specified role - this is audited because, as sgrubb pointed out, it is > currently non-tracked path to probe the policy. > > The second point is when the desired context to change to is invalid. > > There record format remains unchanged. Failing to validate the desired > context will result in the old and new contexts being recorded intact to > the log. For the default type, the old and new contexts have not yet > been obtained, so they are recorded in the log as XXX_context=? > > Signed-off-by: Michael Thompson <thompsmc(a)us.ibm.com&gt; (note: needs to go to selinux list if you want it merged) --- policycoreutils-1.30.29/newrole/newrole.c 2006-09-14 07:07:26.000000000 -0500 +++ policycoreutils-1.30.29.orig.dev/newrole/newrole.c 2006-09-28 14:21:27.000000000 -0500 @@ -47,7 +47,9 @@ * *************************************************************************/ +#ifndef _GNU_SOURCE #define _GNU_SOURCE +#endif I think that the -D_GNU_SOURCE should just be removed from the Makefile.

@@ -394,6 +396,41 @@ cap_free(new_caps); } } + +/* Send audit message */ +int send_audit_message(int success, security_context_t old_context, + security_context_t new_context, const char *ttyn) You need to wrap the entire function with #ifdef LOG_AUDIT_PRIV, and provide a trivial inline function in the #else clause, e.g. #else static inline int send_audit_message(int success, security_context_t old_context, security_context_t new_context, const char *ttyn) { return 0; } #endif

@@ -536,6 +573,9 @@ if (role_s && !type_s) { if (get_default_type(role_s, &type_s)) { fprintf(stderr, _("Couldn't get default type.\n")); +#ifdef LOG_AUDIT_PRIV + send_audit_message(0, old_context, new_context, ttyn); +#endif You can then drop the #ifdefs here and later, since send_audit_message() will always have a valid definition.