diff options
author | Richard Guy Briggs <rgb@redhat.com> | 2014-06-16 21:52:07 +0200 |
---|---|---|
committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2014-07-17 15:35:10 +0200 |
commit | 7e9001f663636116fdc2ea7978f0350849ced624 (patch) | |
tree | 43500e733d4de5bf4a10e95c0f77542acb3d2cb0 | |
parent | ima: delay template descriptor lookup until use (diff) | |
download | linux-7e9001f663636116fdc2ea7978f0350849ced624.tar.xz linux-7e9001f663636116fdc2ea7978f0350849ced624.zip |
audit: fix dangling keywords in integrity ima message output
Replace spaces in op keyword labels in log output since userspace audit tools
can't parse orphaned keywords.
Reported-by: Steve Grubb <sgrubb@redhat.com>
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
-rw-r--r-- | security/integrity/ima/ima_appraise.c | 2 | ||||
-rw-r--r-- | security/integrity/ima/ima_policy.c | 6 |
2 files changed, 4 insertions, 4 deletions
diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index d3113d4aaa3c..59ac90275070 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -214,7 +214,7 @@ int ima_appraise_measurement(int func, struct integrity_iint_cache *iint, hash_start = 1; case IMA_XATTR_DIGEST: if (iint->flags & IMA_DIGSIG_REQUIRED) { - cause = "IMA signature required"; + cause = "IMA-signature-required"; status = INTEGRITY_FAIL; break; } diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 40a7488f6721..cea84d8bd7be 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -332,7 +332,7 @@ void __init ima_init_policy(void) void ima_update_policy(void) { static const char op[] = "policy_update"; - const char *cause = "already exists"; + const char *cause = "already-exists"; int result = 1; int audit_info = 0; @@ -659,7 +659,7 @@ ssize_t ima_parse_add_rule(char *rule) /* Prevent installed policy from changing */ if (ima_rules != &ima_default_rules) { integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL, - NULL, op, "already exists", + NULL, op, "already-exists", -EACCES, audit_info); return -EACCES; } @@ -685,7 +685,7 @@ ssize_t ima_parse_add_rule(char *rule) if (result) { kfree(entry); integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL, - NULL, op, "invalid policy", result, + NULL, op, "invalid-policy", result, audit_info); return result; } |