From: James Carter <jwcart2@gmail.com>
To: "Christian Göttsche" <cgzones@googlemail.com>
Cc: selinux@vger.kernel.org
Subject: Re: [PATCH] libselinux: avoid newline in avc message
Date: Mon, 15 Aug 2022 11:53:39 -0400
Message-ID: <CAP+JOzSM4ZGBK_ncgxhFzH1SWQdvNOOfwqrVr+nMA1HdZcJbcw@mail.gmail.com>
In-Reply-To: <CAP+JOzSXn++7PrSViBt2tEsBr1vNweAtduO00bAMmv3GjTOuCQ@mail.gmail.com>

On Wed, Aug 10, 2022 at 11:33 AM James Carter <jwcart2@gmail.com> wrote:
>
> On Mon, Aug 8, 2022 at 1:36 PM Christian Göttsche
> <cgzones@googlemail.com> wrote:
> >
> > Do not add a final newline to the avc log message as it will be treated
> > as a part of the tclass field in final audit record:
> >
> > {
> > "AUDIT_FIELD_EXE" : "/usr/bin/dbus-broker",
> > "_UID" : "104",
> > "_AUDIT_SESSION" : "4294967295",
> > "_TRANSPORT" : "audit",
> > "__REALTIME_TIMESTAMP" : "1659975331468531",
> > "_AUDIT_TYPE" : "1107",
> > "AUDIT_FIELD_SCONTEXT" : "system_u:system_r:systemd_t:s0",
> > "_AUDIT_LOGINUID" : "4294967295",
> > "_SELINUX_CONTEXT" : "system_u:system_r:system_dbusd_t:s0-s0:c0.c1023",
> > "AUDIT_FIELD_SAUID" : "104",
> > "MESSAGE" : "USER_AVC pid=1538 uid=104 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: granted { send_msg } for scontext=system_u:system_r:systemd_t:s0 tcontext=system_u:system_r:systemd_logind_t:s0 tclass=dbus\n exe=\"/usr/bin/dbus-broker\" sauid=104 hostname=? addr=? terminal=?'",
> > "AUDIT_FIELD_TCONTEXT" : "system_u:system_r:systemd_logind_t:s0",
> > "_SOURCE_REALTIME_TIMESTAMP" : "1659975331462000",
> > "__MONOTONIC_TIMESTAMP" : "207995768",
> > "AUDIT_FIELD_TCLASS" : "dbus\n",
> > "AUDIT_FIELD_TERMINAL" : "?",
> > "_PID" : "1538",
> > "SYSLOG_FACILITY" : "4",
> > "_BOOT_ID" : "3921464b65f64fb4a7c037dee97cd6ad",
> > "SYSLOG_IDENTIFIER" : "audit",
> > "_MACHINE_ID" : "5d78c28f10d54c0fb7b6fd1acc6af8ff",
> > "_AUDIT_TYPE_NAME" : "USER_AVC",
> > "__CURSOR" : "s=84589ce96ff8400189fc515ff892674a;i=c38e;b=3921464b65f64fb4a7c037dee97cd6ad;m=c65c378;t=5e5bd1ff7d4f3;x=c22e610fc9b00b10",
> > "AUDIT_FIELD_ADDR" : "?",
> > "AUDIT_FIELD_HOSTNAME" : "?",
> > "_AUDIT_ID" : "1075",
> > "_HOSTNAME" : "debianBullseye"
> > }
> >
> > Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
>
> Acked-by: James Carter <jwcart2@gmail.com>
>
Merged.
Thanks,
Jim
> > ---
> > libselinux/src/avc.c | 1 -
> > 1 file changed, 1 deletion(-)
> >
> > diff --git a/libselinux/src/avc.c b/libselinux/src/avc.c
> > index 7493e4b2..8d5983a2 100644
> > --- a/libselinux/src/avc.c
> > +++ b/libselinux/src/avc.c
> > @@ -725,7 +725,6 @@ void avc_audit(security_id_t ssid, security_id_t tsid,
> > if (denied)
> > log_append(avc_audit_buf, " permissive=%u", result ? 0 : 1);
> >
> > - log_append(avc_audit_buf, "\n");
> > avc_log(SELINUX_AVC, "%s", avc_audit_buf);
> >
> > avc_release_lock(avc_log_lock);
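Review bot: Removing `log_append(avc_audit_buf, "\n");` just before `avc_log(SELINUX_AVC, "%s", avc_audit_buf);` changes the string for every consumer of avc_log() output, while the commit message only demonstrates the audit record case. Suggest saying in the commit message (or in the logging callback documentation) that a consumer writing these messages to a stream or file now has to add its own line terminator, and checking whether the other avc_log() call sites in avc.c still pass a trailing newline so the output stays consistent.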
> > --
> > 2.36.1
> >
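The field split described in the commit message above, shown as an added example that is not part of the original thread or of libselinux: a consumer that tokenises the `msg='...'` payload on spaces keeps the newline in `tclass`, so an exact-match filter on the class misses the record until the value is normalised. The space-only tokenising, the function names and the shortened sample record are assumptions made for illustration.

```python
import re

# Constructed sample: a journal record reduced to a few of the fields quoted
# in the commit message above, with a shortened MESSAGE payload.
SAMPLE = {
    "_AUDIT_TYPE_NAME": "USER_AVC",
    "MESSAGE": "USER_AVC pid=1538 uid=104 msg='avc: granted { send_msg } for "
               "scontext=system_u:system_r:systemd_t:s0 "
               "tcontext=system_u:system_r:systemd_logind_t:s0 tclass=dbus\n "
               "exe=\"/usr/bin/dbus-broker\" sauid=104'",
    "AUDIT_FIELD_TCLASS": "dbus\n",
    "AUDIT_FIELD_TERMINAL": "?",
}

CONTROL = re.compile(r"[\x00-\x1f\x7f]")

def split_avc_fields(message):
    """Split the msg='...' payload on spaces only (assumed consumer behaviour)."""
    inner = re.search(r"msg='(.*)'", message, re.DOTALL)
    fields = {}
    for token in (inner.group(1) if inner else "").split(" "):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields

def polluted_fields(record):
    """Names of AUDIT_FIELD_* entries whose value holds a control character."""
    return sorted(k for k, v in record.items()
                  if k.startswith("AUDIT_FIELD_") and CONTROL.search(str(v)))

def normalise(record):
    """Copy of the record with control characters stripped from those fields."""
    bad = set(polluted_fields(record))
    return {k: CONTROL.sub("", v) if k in bad else v for k, v in record.items()}

def matches_class(record, tclass):
    """Exact-match filter, as a log query or alert rule would apply it."""
    return record.get("AUDIT_FIELD_TCLASS") == tclass

if __name__ == "__main__":
    print(repr(split_avc_fields(SAMPLE["MESSAGE"])["tclass"]))
    print(polluted_fields(SAMPLE))
    print(matches_class(SAMPLE, "dbus"), matches_class(normalise(SAMPLE), "dbus"))
```

Records written before the fix stay in the journal, so a filter on the class needs the normalising step for as long as those records are retained.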