diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2018-08-16 07:54:12 +0200 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2018-08-16 07:54:12 +0200 |
| commit | f91e654474d413201ae578820fb63f8a811f6c4e (patch) | |
| tree | 7f32d5757381b3371dbf095510622472c7d3aa43 /security/integrity/integrity_audit.c | |
| parent | Merge branch 'next-tpm' of git://git.kernel.org/pub/scm/linux/kernel/git/jmor... (diff) | |
| parent | EVM: fix return value check in evm_write_xattrs() (diff) | |
| download | linux-f91e654474d413201ae578820fb63f8a811f6c4e.tar.xz linux-f91e654474d413201ae578820fb63f8a811f6c4e.zip | |
Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull integrity updates from James Morris:
"This adds support for EVM signatures based on larger digests, contains
a new audit record AUDIT_INTEGRITY_POLICY_RULE to differentiate the
IMA policy rules from the IMA-audit messages, addresses two deadlocks
due to either loading or searching for crypto algorithms, and cleans
up the audit messages"
* 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
EVM: fix return value check in evm_write_xattrs()
integrity: prevent deadlock during digsig verification.
evm: Allow non-SHA1 digital signatures
evm: Don't deadlock if a crypto algorithm is unavailable
integrity: silence warning when CONFIG_SECURITYFS is not enabled
ima: Differentiate auditing policy rules from "audit" actions
ima: Do not audit if CONFIG_INTEGRITY_AUDIT is not set
ima: Use audit_log_format() rather than audit_log_string()
ima: Call audit_log_string() rather than logging it untrusted
Diffstat (limited to 'security/integrity/integrity_audit.c')
| -rw-r--r-- | security/integrity/integrity_audit.c | 6 |
1 files changed, 1 insertions, 5 deletions
diff --git a/security/integrity/integrity_audit.c b/security/integrity/integrity_audit.c index ab10a25310a1..82c98f7d217e 100644 --- a/security/integrity/integrity_audit.c +++ b/security/integrity/integrity_audit.c @@ -45,11 +45,7 @@ void integrity_audit_msg(int audit_msgno, struct inode *inode, from_kuid(&init_user_ns, audit_get_loginuid(current)), audit_get_sessionid(current)); audit_log_task_context(ab); - audit_log_format(ab, " op="); - audit_log_string(ab, op); - audit_log_format(ab, " cause="); - audit_log_string(ab, cause); - audit_log_format(ab, " comm="); + audit_log_format(ab, " op=%s cause=%s comm=", op, cause); audit_log_untrustedstring(ab, get_task_comm(name, current)); if (fname) { audit_log_format(ab, " name="); |