From: Paul Moore <paul@paul-moore.com> To: Lakshmi Ramasubramanian <nramas@linux.microsoft.com> Cc: zohar@linux.ibm.com, sgrubb@redhat.com, rgb@redhat.com, linux-integrity@vger.kernel.org, linux-audit@redhat.com, linux-kernel@vger.kernel.org Subject: Re: [PATCH v3 1/2] integrity: Add errno field in audit message Date: Tue, 23 Jun 2020 20:07:13 -0400 [thread overview] Message-ID: <CAHC9VhTW-M7e7BK3d-UKi6KuPo3=8wNzAU1hN3HDsw=B-CGxFw@mail.gmail.com> (raw) In-Reply-To: <20200618211012.2823-1-nramas@linux.microsoft.com> On Thu, Jun 18, 2020 at 5:10 PM Lakshmi Ramasubramanian <nramas@linux.microsoft.com> wrote: > > Error code is not included in the audit messages logged by > the integrity subsystem. > > Define a new function integrity_audit_message() that takes error code > in the "errno" parameter. Add "errno" field in the audit messages logged > by the integrity subsystem and set the value passed in the "errno" > parameter. > > [ 6.303048] audit: type=1804 audit(1592506281.627:2): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel op=measuring_key cause=ENOMEM comm="swapper/0" name=".builtin_trusted_keys" res=0 errno=-12 > > [ 7.987647] audit: type=1802 audit(1592506283.312:9): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 op=policy_update cause=completed comm="systemd" res=1 errno=0 > > [ 8.019432] audit: type=1804 audit(1592506283.344:10): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 op=measuring_kexec_cmdline cause=hashing_error comm="systemd" name="kexec-cmdline" res=0 errno=-22 > > Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com> > Suggested-by: Steve Grubb <sgrubb@redhat.com> > Suggested-by: Mimi Zohar <zohar@linux.ibm.com> > --- > security/integrity/integrity.h | 13 +++++++++++++ > security/integrity/integrity_audit.c | 11 ++++++++++- > 2 files changed, 23 insertions(+), 1 deletion(-) The audit record changes look good to me. Acked-by: Paul Moore <paul@paul-moore.com> > diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h > index 16c1894c29bb..413c803c5208 100644 > --- a/security/integrity/integrity.h > +++ b/security/integrity/integrity.h > @@ -239,6 +239,11 @@ void integrity_audit_msg(int audit_msgno, struct inode *inode, > const unsigned char *fname, const char *op, > const char *cause, int result, int info); > > +void integrity_audit_message(int audit_msgno, struct inode *inode, > + const unsigned char *fname, const char *op, > + const char *cause, int result, int info, > + int errno); > + > static inline struct audit_buffer * > integrity_audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type) > { > @@ -253,6 +258,14 @@ static inline void integrity_audit_msg(int audit_msgno, struct inode *inode, > { > } > > +static inline void integrity_audit_message(int audit_msgno, > + struct inode *inode, > + const unsigned char *fname, > + const char *op, const char *cause, > + int result, int info, int errno) > +{ > +} > + > static inline struct audit_buffer * > integrity_audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type) > { > diff --git a/security/integrity/integrity_audit.c b/security/integrity/integrity_audit.c > index 5109173839cc..f25e7df099c8 100644 > --- a/security/integrity/integrity_audit.c > +++ b/security/integrity/integrity_audit.c > @@ -28,6 +28,15 @@ __setup("integrity_audit=", integrity_audit_setup); > void integrity_audit_msg(int audit_msgno, struct inode *inode, > const unsigned char *fname, const char *op, > const char *cause, int result, int audit_info) > +{ > + integrity_audit_message(audit_msgno, inode, fname, op, cause, > + result, audit_info, 0); > +} > + > +void integrity_audit_message(int audit_msgno, struct inode *inode, > + const unsigned char *fname, const char *op, > + const char *cause, int result, int audit_info, > + int errno) > { > struct audit_buffer *ab; > char name[TASK_COMM_LEN]; > @@ -53,6 +62,6 @@ void integrity_audit_msg(int audit_msgno, struct inode *inode, > audit_log_untrustedstring(ab, inode->i_sb->s_id); > audit_log_format(ab, " ino=%lu", inode->i_ino); > } > - audit_log_format(ab, " res=%d", !result); > + audit_log_format(ab, " res=%d errno=%d", !result, errno); > audit_log_end(ab); > } > -- > 2.27.0 > -- paul moore www.paul-moore.com
WARNING: multiple messages have this Message-ID (diff)
From: Paul Moore <paul@paul-moore.com> To: Lakshmi Ramasubramanian <nramas@linux.microsoft.com> Cc: rgb@redhat.com, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, linux-audit@redhat.com, linux-integrity@vger.kernel.org Subject: Re: [PATCH v3 1/2] integrity: Add errno field in audit message Date: Tue, 23 Jun 2020 20:07:13 -0400 [thread overview] Message-ID: <CAHC9VhTW-M7e7BK3d-UKi6KuPo3=8wNzAU1hN3HDsw=B-CGxFw@mail.gmail.com> (raw) In-Reply-To: <20200618211012.2823-1-nramas@linux.microsoft.com> On Thu, Jun 18, 2020 at 5:10 PM Lakshmi Ramasubramanian <nramas@linux.microsoft.com> wrote: > > Error code is not included in the audit messages logged by > the integrity subsystem. > > Define a new function integrity_audit_message() that takes error code > in the "errno" parameter. Add "errno" field in the audit messages logged > by the integrity subsystem and set the value passed in the "errno" > parameter. > > [ 6.303048] audit: type=1804 audit(1592506281.627:2): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel op=measuring_key cause=ENOMEM comm="swapper/0" name=".builtin_trusted_keys" res=0 errno=-12 > > [ 7.987647] audit: type=1802 audit(1592506283.312:9): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 op=policy_update cause=completed comm="systemd" res=1 errno=0 > > [ 8.019432] audit: type=1804 audit(1592506283.344:10): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 op=measuring_kexec_cmdline cause=hashing_error comm="systemd" name="kexec-cmdline" res=0 errno=-22 > > Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com> > Suggested-by: Steve Grubb <sgrubb@redhat.com> > Suggested-by: Mimi Zohar <zohar@linux.ibm.com> > --- > security/integrity/integrity.h | 13 +++++++++++++ > security/integrity/integrity_audit.c | 11 ++++++++++- > 2 files changed, 23 insertions(+), 1 deletion(-) The audit record changes look good to me. Acked-by: Paul Moore <paul@paul-moore.com> > diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h > index 16c1894c29bb..413c803c5208 100644 > --- a/security/integrity/integrity.h > +++ b/security/integrity/integrity.h > @@ -239,6 +239,11 @@ void integrity_audit_msg(int audit_msgno, struct inode *inode, > const unsigned char *fname, const char *op, > const char *cause, int result, int info); > > +void integrity_audit_message(int audit_msgno, struct inode *inode, > + const unsigned char *fname, const char *op, > + const char *cause, int result, int info, > + int errno); > + > static inline struct audit_buffer * > integrity_audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type) > { > @@ -253,6 +258,14 @@ static inline void integrity_audit_msg(int audit_msgno, struct inode *inode, > { > } > > +static inline void integrity_audit_message(int audit_msgno, > + struct inode *inode, > + const unsigned char *fname, > + const char *op, const char *cause, > + int result, int info, int errno) > +{ > +} > + > static inline struct audit_buffer * > integrity_audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type) > { > diff --git a/security/integrity/integrity_audit.c b/security/integrity/integrity_audit.c > index 5109173839cc..f25e7df099c8 100644 > --- a/security/integrity/integrity_audit.c > +++ b/security/integrity/integrity_audit.c > @@ -28,6 +28,15 @@ __setup("integrity_audit=", integrity_audit_setup); > void integrity_audit_msg(int audit_msgno, struct inode *inode, > const unsigned char *fname, const char *op, > const char *cause, int result, int audit_info) > +{ > + integrity_audit_message(audit_msgno, inode, fname, op, cause, > + result, audit_info, 0); > +} > + > +void integrity_audit_message(int audit_msgno, struct inode *inode, > + const unsigned char *fname, const char *op, > + const char *cause, int result, int audit_info, > + int errno) > { > struct audit_buffer *ab; > char name[TASK_COMM_LEN]; > @@ -53,6 +62,6 @@ void integrity_audit_msg(int audit_msgno, struct inode *inode, > audit_log_untrustedstring(ab, inode->i_sb->s_id); > audit_log_format(ab, " ino=%lu", inode->i_ino); > } > - audit_log_format(ab, " res=%d", !result); > + audit_log_format(ab, " res=%d errno=%d", !result, errno); > audit_log_end(ab); > } > -- > 2.27.0 > -- paul moore www.paul-moore.com -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit
next prev parent reply other threads:[~2020-06-24 0:07 UTC|newest] Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top 2020-06-18 21:10 [PATCH v3 1/2] integrity: Add errno field in audit message Lakshmi Ramasubramanian 2020-06-18 21:10 ` Lakshmi Ramasubramanian 2020-06-18 21:10 ` [PATCH v3 2/2] IMA: Add audit log for failure conditions Lakshmi Ramasubramanian 2020-06-18 21:10 ` Lakshmi Ramasubramanian 2020-06-23 19:58 ` Mimi Zohar 2020-06-23 19:58 ` Mimi Zohar 2020-06-24 17:25 ` Lakshmi Ramasubramanian 2020-06-24 17:25 ` Lakshmi Ramasubramanian 2020-06-25 19:14 ` Paul Moore 2020-06-25 19:14 ` Paul Moore 2020-06-29 16:57 ` Mimi Zohar 2020-06-29 16:57 ` Mimi Zohar 2020-06-22 22:27 ` [PATCH v3 1/2] integrity: Add errno field in audit message Mimi Zohar 2020-06-22 22:27 ` Mimi Zohar 2020-06-24 0:07 ` Paul Moore [this message] 2020-06-24 0:07 ` Paul Moore
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to='CAHC9VhTW-M7e7BK3d-UKi6KuPo3=8wNzAU1hN3HDsw=B-CGxFw@mail.gmail.com' \ --to=paul@paul-moore.com \ --cc=linux-audit@redhat.com \ --cc=linux-integrity@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=nramas@linux.microsoft.com \ --cc=rgb@redhat.com \ --cc=sgrubb@redhat.com \ --cc=zohar@linux.ibm.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.