Commit a6c043a8 authored by Steve Grubb's avatar Steve Grubb Committed by Al Viro

[PATCH] Add tty to syscall audit records

Hi,

>From the RBAC specs:

FAU_SAR.1.1 The TSF shall provide the set of authorized
RBAC administrators with the capability to read the following
audit information from the audit records:

<snip>
(e) The User Session Identifier or Terminal Type

A patch adding the tty for all syscalls is included in this email.
Please apply.
Signed-off-by: default avatarSteve Grubb <sgrubb@redhat.com>
Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
parent 5d330108
...@@ -57,6 +57,7 @@ ...@@ -57,6 +57,7 @@
#include <asm/unistd.h> #include <asm/unistd.h>
#include <linux/security.h> #include <linux/security.h>
#include <linux/list.h> #include <linux/list.h>
#include <linux/tty.h>
#include "audit.h" #include "audit.h"
...@@ -573,6 +574,7 @@ static void audit_log_exit(struct audit_context *context, gfp_t gfp_mask) ...@@ -573,6 +574,7 @@ static void audit_log_exit(struct audit_context *context, gfp_t gfp_mask)
int i; int i;
struct audit_buffer *ab; struct audit_buffer *ab;
struct audit_aux_data *aux; struct audit_aux_data *aux;
const char *tty;
ab = audit_log_start(context, gfp_mask, AUDIT_SYSCALL); ab = audit_log_start(context, gfp_mask, AUDIT_SYSCALL);
if (!ab) if (!ab)
...@@ -585,11 +587,15 @@ static void audit_log_exit(struct audit_context *context, gfp_t gfp_mask) ...@@ -585,11 +587,15 @@ static void audit_log_exit(struct audit_context *context, gfp_t gfp_mask)
audit_log_format(ab, " success=%s exit=%ld", audit_log_format(ab, " success=%s exit=%ld",
(context->return_valid==AUDITSC_SUCCESS)?"yes":"no", (context->return_valid==AUDITSC_SUCCESS)?"yes":"no",
context->return_code); context->return_code);
if (current->signal->tty && current->signal->tty->name)
tty = current->signal->tty->name;
else
tty = "(none)";
audit_log_format(ab, audit_log_format(ab,
" a0=%lx a1=%lx a2=%lx a3=%lx items=%d" " a0=%lx a1=%lx a2=%lx a3=%lx items=%d"
" pid=%d auid=%u uid=%u gid=%u" " pid=%d auid=%u uid=%u gid=%u"
" euid=%u suid=%u fsuid=%u" " euid=%u suid=%u fsuid=%u"
" egid=%u sgid=%u fsgid=%u", " egid=%u sgid=%u fsgid=%u tty=%s",
context->argv[0], context->argv[0],
context->argv[1], context->argv[1],
context->argv[2], context->argv[2],
...@@ -600,7 +606,7 @@ static void audit_log_exit(struct audit_context *context, gfp_t gfp_mask) ...@@ -600,7 +606,7 @@ static void audit_log_exit(struct audit_context *context, gfp_t gfp_mask)
context->uid, context->uid,
context->gid, context->gid,
context->euid, context->suid, context->fsuid, context->euid, context->suid, context->fsuid,
context->egid, context->sgid, context->fsgid); context->egid, context->sgid, context->fsgid, tty);
audit_log_task_info(ab, gfp_mask); audit_log_task_info(ab, gfp_mask);
audit_log_end(ab); audit_log_end(ab);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment