mirror of
https://github.com/adulau/aha.git
synced 2024-12-28 03:36:19 +00:00
[PATCH] Add tty to syscall audit records
Hi, >From the RBAC specs: FAU_SAR.1.1 The TSF shall provide the set of authorized RBAC administrators with the capability to read the following audit information from the audit records: <snip> (e) The User Session Identifier or Terminal Type A patch adding the tty for all syscalls is included in this email. Please apply. Signed-off-by: Steve Grubb <sgrubb@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This commit is contained in:
parent
5d3301088f
commit
a6c043a887
1 changed files with 8 additions and 2 deletions
|
@ -57,6 +57,7 @@
|
|||
#include <asm/unistd.h>
|
||||
#include <linux/security.h>
|
||||
#include <linux/list.h>
|
||||
#include <linux/tty.h>
|
||||
|
||||
#include "audit.h"
|
||||
|
||||
|
@ -573,6 +574,7 @@ static void audit_log_exit(struct audit_context *context, gfp_t gfp_mask)
|
|||
int i;
|
||||
struct audit_buffer *ab;
|
||||
struct audit_aux_data *aux;
|
||||
const char *tty;
|
||||
|
||||
ab = audit_log_start(context, gfp_mask, AUDIT_SYSCALL);
|
||||
if (!ab)
|
||||
|
@ -585,11 +587,15 @@ static void audit_log_exit(struct audit_context *context, gfp_t gfp_mask)
|
|||
audit_log_format(ab, " success=%s exit=%ld",
|
||||
(context->return_valid==AUDITSC_SUCCESS)?"yes":"no",
|
||||
context->return_code);
|
||||
if (current->signal->tty && current->signal->tty->name)
|
||||
tty = current->signal->tty->name;
|
||||
else
|
||||
tty = "(none)";
|
||||
audit_log_format(ab,
|
||||
" a0=%lx a1=%lx a2=%lx a3=%lx items=%d"
|
||||
" pid=%d auid=%u uid=%u gid=%u"
|
||||
" euid=%u suid=%u fsuid=%u"
|
||||
" egid=%u sgid=%u fsgid=%u",
|
||||
" egid=%u sgid=%u fsgid=%u tty=%s",
|
||||
context->argv[0],
|
||||
context->argv[1],
|
||||
context->argv[2],
|
||||
|
@ -600,7 +606,7 @@ static void audit_log_exit(struct audit_context *context, gfp_t gfp_mask)
|
|||
context->uid,
|
||||
context->gid,
|
||||
context->euid, context->suid, context->fsuid,
|
||||
context->egid, context->sgid, context->fsgid);
|
||||
context->egid, context->sgid, context->fsgid, tty);
|
||||
audit_log_task_info(ab, gfp_mask);
|
||||
audit_log_end(ab);
|
||||
|
||||
|
|
Loading…
Reference in a new issue