| Message ID | 20200618211012.2823-1-nramas@linux.microsoft.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [v3,1/2] integrity: Add errno field in audit message | expand |
On Thu, 2020-06-18 at 14:10 -0700, Lakshmi Ramasubramanian wrote: > Error code is not included in the audit messages logged by > the integrity subsystem. > > Define a new function integrity_audit_message() that takes error code > in the "errno" parameter. Add "errno" field in the audit messages logged > by the integrity subsystem and set the value passed in the "errno" > parameter. > > [ 6.303048] audit: type=1804 audit(1592506281.627:2): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel op=measuring_key cause=ENOMEM comm="swapper/0" name=".builtin_trusted_keys" res=0 errno=-12 > > [ 7.987647] audit: type=1802 audit(1592506283.312:9): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 op=policy_update cause=completed comm="systemd" res=1 errno=0 > > [ 8.019432] audit: type=1804 audit(1592506283.344:10): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 op=measuring_kexec_cmdline cause=hashing_error comm="systemd" name="kexec-cmdline" res=0 errno=-22 > > Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com> > Suggested-by: Steve Grubb <sgrubb@redhat.com> > Suggested-by: Mimi Zohar <zohar@linux.ibm.com> Thanks, Lakshmi. Steve, Paul, because of the code changes, your tags were dropped. Mimi
On Thu, Jun 18, 2020 at 5:10 PM Lakshmi Ramasubramanian <nramas@linux.microsoft.com> wrote: > > Error code is not included in the audit messages logged by > the integrity subsystem. > > Define a new function integrity_audit_message() that takes error code > in the "errno" parameter. Add "errno" field in the audit messages logged > by the integrity subsystem and set the value passed in the "errno" > parameter. > > [ 6.303048] audit: type=1804 audit(1592506281.627:2): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel op=measuring_key cause=ENOMEM comm="swapper/0" name=".builtin_trusted_keys" res=0 errno=-12 > > [ 7.987647] audit: type=1802 audit(1592506283.312:9): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 op=policy_update cause=completed comm="systemd" res=1 errno=0 > > [ 8.019432] audit: type=1804 audit(1592506283.344:10): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 op=measuring_kexec_cmdline cause=hashing_error comm="systemd" name="kexec-cmdline" res=0 errno=-22 > > Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com> > Suggested-by: Steve Grubb <sgrubb@redhat.com> > Suggested-by: Mimi Zohar <zohar@linux.ibm.com> > --- > security/integrity/integrity.h | 13 +++++++++++++ > security/integrity/integrity_audit.c | 11 ++++++++++- > 2 files changed, 23 insertions(+), 1 deletion(-) The audit record changes look good to me. Acked-by: Paul Moore <paul@paul-moore.com> > diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h > index 16c1894c29bb..413c803c5208 100644 > --- a/security/integrity/integrity.h > +++ b/security/integrity/integrity.h > @@ -239,6 +239,11 @@ void integrity_audit_msg(int audit_msgno, struct inode *inode, > const unsigned char *fname, const char *op, > const char *cause, int result, int info); > > +void integrity_audit_message(int audit_msgno, struct inode *inode, > + const unsigned char *fname, const char *op, > + const char *cause, int result, int info, > + int errno); > + > static inline struct audit_buffer * > integrity_audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type) > { > @@ -253,6 +258,14 @@ static inline void integrity_audit_msg(int audit_msgno, struct inode *inode, > { > } > > +static inline void integrity_audit_message(int audit_msgno, > + struct inode *inode, > + const unsigned char *fname, > + const char *op, const char *cause, > + int result, int info, int errno) > +{ > +} > + > static inline struct audit_buffer * > integrity_audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type) > { > diff --git a/security/integrity/integrity_audit.c b/security/integrity/integrity_audit.c > index 5109173839cc..f25e7df099c8 100644 > --- a/security/integrity/integrity_audit.c > +++ b/security/integrity/integrity_audit.c > @@ -28,6 +28,15 @@ __setup("integrity_audit=", integrity_audit_setup); > void integrity_audit_msg(int audit_msgno, struct inode *inode, > const unsigned char *fname, const char *op, > const char *cause, int result, int audit_info) > +{ > + integrity_audit_message(audit_msgno, inode, fname, op, cause, > + result, audit_info, 0); > +} > + > +void integrity_audit_message(int audit_msgno, struct inode *inode, > + const unsigned char *fname, const char *op, > + const char *cause, int result, int audit_info, > + int errno) > { > struct audit_buffer *ab; > char name[TASK_COMM_LEN]; > @@ -53,6 +62,6 @@ void integrity_audit_msg(int audit_msgno, struct inode *inode, > audit_log_untrustedstring(ab, inode->i_sb->s_id); > audit_log_format(ab, " ino=%lu", inode->i_ino); > } > - audit_log_format(ab, " res=%d", !result); > + audit_log_format(ab, " res=%d errno=%d", !result, errno); > audit_log_end(ab); > } > -- > 2.27.0 >
diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h index 16c1894c29bb..413c803c5208 100644 --- a/security/integrity/integrity.h +++ b/security/integrity/integrity.h @@ -239,6 +239,11 @@ void integrity_audit_msg(int audit_msgno, struct inode *inode, const unsigned char *fname, const char *op, const char *cause, int result, int info); +void integrity_audit_message(int audit_msgno, struct inode *inode, + const unsigned char *fname, const char *op, + const char *cause, int result, int info, + int errno); + static inline struct audit_buffer * integrity_audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type) { @@ -253,6 +258,14 @@ static inline void integrity_audit_msg(int audit_msgno, struct inode *inode, { } +static inline void integrity_audit_message(int audit_msgno, + struct inode *inode, + const unsigned char *fname, + const char *op, const char *cause, + int result, int info, int errno) +{ +} + static inline struct audit_buffer * integrity_audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type) { diff --git a/security/integrity/integrity_audit.c b/security/integrity/integrity_audit.c index 5109173839cc..f25e7df099c8 100644 --- a/security/integrity/integrity_audit.c +++ b/security/integrity/integrity_audit.c @@ -28,6 +28,15 @@ __setup("integrity_audit=", integrity_audit_setup); void integrity_audit_msg(int audit_msgno, struct inode *inode, const unsigned char *fname, const char *op, const char *cause, int result, int audit_info) +{ + integrity_audit_message(audit_msgno, inode, fname, op, cause, + result, audit_info, 0); +} + +void integrity_audit_message(int audit_msgno, struct inode *inode, + const unsigned char *fname, const char *op, + const char *cause, int result, int audit_info, + int errno) { struct audit_buffer *ab; char name[TASK_COMM_LEN]; @@ -53,6 +62,6 @@ void integrity_audit_msg(int audit_msgno, struct inode *inode, audit_log_untrustedstring(ab, inode->i_sb->s_id); audit_log_format(ab, " ino=%lu", inode->i_ino); } - audit_log_format(ab, " res=%d", !result); + audit_log_format(ab, " res=%d errno=%d", !result, errno); audit_log_end(ab); }
Error code is not included in the audit messages logged by the integrity subsystem. Define a new function integrity_audit_message() that takes error code in the "errno" parameter. Add "errno" field in the audit messages logged by the integrity subsystem and set the value passed in the "errno" parameter. [ 6.303048] audit: type=1804 audit(1592506281.627:2): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel op=measuring_key cause=ENOMEM comm="swapper/0" name=".builtin_trusted_keys" res=0 errno=-12 [ 7.987647] audit: type=1802 audit(1592506283.312:9): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 op=policy_update cause=completed comm="systemd" res=1 errno=0 [ 8.019432] audit: type=1804 audit(1592506283.344:10): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 op=measuring_kexec_cmdline cause=hashing_error comm="systemd" name="kexec-cmdline" res=0 errno=-22 Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com> Suggested-by: Steve Grubb <sgrubb@redhat.com> Suggested-by: Mimi Zohar <zohar@linux.ibm.com> --- security/integrity/integrity.h | 13 +++++++++++++ security/integrity/integrity_audit.c | 11 ++++++++++- 2 files changed, 23 insertions(+), 1 deletion(-)