diff options
author | Ondrej Mosnacek <omosnace@redhat.com> | 2021-09-14 15:15:16 +0200 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2021-09-20 04:47:04 +0200 |
commit | 8e71168e2cc760e2d016ad99a59773169211472f (patch) | |
tree | 7c03f0b777553148d2d26db0c9c58130a385dd98 | |
parent | audit: Convert to SPDX identifier (diff) | |
download | linux-8e71168e2cc760e2d016ad99a59773169211472f.tar.xz linux-8e71168e2cc760e2d016ad99a59773169211472f.zip |
lsm_audit: avoid overloading the "key" audit field
The "key" field is used to associate records with the rule that
triggered them, os it's not a good idea to overload it with an
additional IPC key semantic. Moreover, as the classic "key" field is a
text field, while the IPC key is numeric, AVC records containing the IPC
key info actually confuse audit userspace, which tries to interpret the
number as a hex-encoded string, thus showing garbage for example in the
ausearch "interpret" output mode.
Hence, change it to "ipc_key" to fix both issues and also make the
meaning of this field more clear.
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Reviewed-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
-rw-r--r-- | security/lsm_audit.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/security/lsm_audit.c b/security/lsm_audit.c index 5a5016ef43b0..1897cbf6fc69 100644 --- a/security/lsm_audit.c +++ b/security/lsm_audit.c @@ -224,7 +224,7 @@ static void dump_common_audit_data(struct audit_buffer *ab, case LSM_AUDIT_DATA_NONE: return; case LSM_AUDIT_DATA_IPC: - audit_log_format(ab, " key=%d ", a->u.ipc_id); + audit_log_format(ab, " ipc_key=%d ", a->u.ipc_id); break; case LSM_AUDIT_DATA_CAP: audit_log_format(ab, " capability=%d ", a->u.cap); |