summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorPaul Moore <paul.moore@hp.com>2009-09-23 19:46:00 +0200
committerAl Viro <viro@zeniv.linux.org.uk>2009-09-24 09:50:26 +0200
commitd81165919ebf6e1cb9eeb612150f9287ad414659 (patch)
tree25b205e22ec1182e6a92f77381b58a5b09972f7f /security
parentAudit: send signal info if selinux is disabled (diff)
downloadlinux-d81165919ebf6e1cb9eeb612150f9287ad414659.tar.xz
linux-d81165919ebf6e1cb9eeb612150f9287ad414659.zip
lsm: Use a compressed IPv6 string format in audit events
Currently the audit subsystem prints uncompressed IPv6 addresses which not only differs from common usage but also results in ridiculously large audit strings which is not a good thing. This patch fixes this by simply converting audit to always print compressed IPv6 addresses. Old message example: audit(1253576792.161:30): avc: denied { ingress } for saddr=0000:0000:0000:0000:0000:0000:0000:0001 src=5000 daddr=0000:0000:0000:0000:0000:0000:0000:0001 dest=35502 netif=lo scontext=system_u:object_r:unlabeled_t:s15:c0.c1023 tcontext=system_u:object_r:lo_netif_t:s0-s15:c0.c1023 tclass=netif New message example: audit(1253576792.161:30): avc: denied { ingress } for saddr=::1 src=5000 daddr=::1 dest=35502 netif=lo scontext=system_u:object_r:unlabeled_t:s15:c0.c1023 tcontext=system_u:object_r:lo_netif_t:s0-s15:c0.c1023 tclass=netif Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'security')
-rw-r--r--security/lsm_audit.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/security/lsm_audit.c b/security/lsm_audit.c
index 500aad0ebd6a..3bb90b6f1dd3 100644
--- a/security/lsm_audit.c
+++ b/security/lsm_audit.c
@@ -187,7 +187,7 @@ static inline void print_ipv6_addr(struct audit_buffer *ab,
char *name1, char *name2)
{
if (!ipv6_addr_any(addr))
- audit_log_format(ab, " %s=%pI6", name1, addr);
+ audit_log_format(ab, " %s=%pI6c", name1, addr);
if (port)
audit_log_format(ab, " %s=%d", name2, ntohs(port));
}