Message ID | 20220808173429.16318-1-cgzones@googlemail.com (mailing list archive) |
---|---|
State | Accepted |
Commit | 142372522c7e |
Series | libselinux: avoid newline in avc message | expand |
On Mon, Aug 8, 2022 at 1:36 PM Christian Göttsche <cgzones@googlemail.com> wrote: > > Do not add a final newline to the avc log message as it will be treated > as a part of the tclass field in final audit record: > > { > "AUDIT_FIELD_EXE" : "/usr/bin/dbus-broker", > "_UID" : "104", > "_AUDIT_SESSION" : "4294967295", > "_TRANSPORT" : "audit", > "__REALTIME_TIMESTAMP" : "1659975331468531", > "_AUDIT_TYPE" : "1107", > "AUDIT_FIELD_SCONTEXT" : "system_u:system_r:systemd_t:s0", > "_AUDIT_LOGINUID" : "4294967295", > "_SELINUX_CONTEXT" : "system_u:system_r:system_dbusd_t:s0-s0:c0.c1023", > "AUDIT_FIELD_SAUID" : "104", > "MESSAGE" : "USER_AVC pid=1538 uid=104 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: granted { send_msg } for scontext=system_u:system_r:systemd_t:s0 tcontext=system_u:system_r:systemd_logind_t:s0 tclass=dbus\n exe=\"/usr/bin/dbus-broker\" sauid=104 hostname=? addr=? terminal=?'", > "AUDIT_FIELD_TCONTEXT" : "system_u:system_r:systemd_logind_t:s0", > "_SOURCE_REALTIME_TIMESTAMP" : "1659975331462000", > "__MONOTONIC_TIMESTAMP" : "207995768", > "AUDIT_FIELD_TCLASS" : "dbus\n", > "AUDIT_FIELD_TERMINAL" : "?", > "_PID" : "1538", > "SYSLOG_FACILITY" : "4", > "_BOOT_ID" : "3921464b65f64fb4a7c037dee97cd6ad", > "SYSLOG_IDENTIFIER" : "audit", > "_MACHINE_ID" : "5d78c28f10d54c0fb7b6fd1acc6af8ff", > "_AUDIT_TYPE_NAME" : "USER_AVC", > "__CURSOR" : "s=84589ce96ff8400189fc515ff892674a;i=c38e;b=3921464b65f64fb4a7c037dee97cd6ad;m=c65c378;t=5e5bd1ff7d4f3;x=c22e610fc9b00b10", > "AUDIT_FIELD_ADDR" : "?", > "AUDIT_FIELD_HOSTNAME" : "?", > "_AUDIT_ID" : "1075", > "_HOSTNAME" : "debianBullseye" > } > > Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Acked-by: James Carter <jwcart2@gmail.com> > --- > libselinux/src/avc.c | 1 - > 1 file changed, 1 deletion(-) > > diff --git a/libselinux/src/avc.c b/libselinux/src/avc.c > index 7493e4b2..8d5983a2 100644 > --- a/libselinux/src/avc.c > +++ b/libselinux/src/avc.c 
> @@ -725,7 +725,6 @@ void avc_audit(security_id_t ssid, security_id_t tsid, > if (denied) > log_append(avc_audit_buf, " permissive=%u", result ? 0 : 1); > > - log_append(avc_audit_buf, "\n"); > avc_log(SELINUX_AVC, "%s", avc_audit_buf); > > avc_release_lock(avc_log_lock); > -- > 2.36.1 >
On Wed, Aug 10, 2022 at 11:33 AM James Carter <jwcart2@gmail.com> wrote: > > On Mon, Aug 8, 2022 at 1:36 PM Christian Göttsche > <cgzones@googlemail.com> wrote: > > > > Do not add a final newline to the avc log message as it will be treated > > as a part of the tclass field in final audit record: > > > > { > > "AUDIT_FIELD_EXE" : "/usr/bin/dbus-broker", > > "_UID" : "104", > > "_AUDIT_SESSION" : "4294967295", > > "_TRANSPORT" : "audit", > > "__REALTIME_TIMESTAMP" : "1659975331468531", > > "_AUDIT_TYPE" : "1107", > > "AUDIT_FIELD_SCONTEXT" : "system_u:system_r:systemd_t:s0", > > "_AUDIT_LOGINUID" : "4294967295", > > "_SELINUX_CONTEXT" : "system_u:system_r:system_dbusd_t:s0-s0:c0.c1023", > > "AUDIT_FIELD_SAUID" : "104", > > "MESSAGE" : "USER_AVC pid=1538 uid=104 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: granted { send_msg } for scontext=system_u:system_r:systemd_t:s0 tcontext=system_u:system_r:systemd_logind_t:s0 tclass=dbus\n exe=\"/usr/bin/dbus-broker\" sauid=104 hostname=? addr=? terminal=?'", > > "AUDIT_FIELD_TCONTEXT" : "system_u:system_r:systemd_logind_t:s0", > > "_SOURCE_REALTIME_TIMESTAMP" : "1659975331462000", > > "__MONOTONIC_TIMESTAMP" : "207995768", > > "AUDIT_FIELD_TCLASS" : "dbus\n", > > "AUDIT_FIELD_TERMINAL" : "?", > > "_PID" : "1538", > > "SYSLOG_FACILITY" : "4", > > "_BOOT_ID" : "3921464b65f64fb4a7c037dee97cd6ad", > > "SYSLOG_IDENTIFIER" : "audit", > > "_MACHINE_ID" : "5d78c28f10d54c0fb7b6fd1acc6af8ff", > > "_AUDIT_TYPE_NAME" : "USER_AVC", > > "__CURSOR" : "s=84589ce96ff8400189fc515ff892674a;i=c38e;b=3921464b65f64fb4a7c037dee97cd6ad;m=c65c378;t=5e5bd1ff7d4f3;x=c22e610fc9b00b10", > > "AUDIT_FIELD_ADDR" : "?", > > "AUDIT_FIELD_HOSTNAME" : "?", > > "_AUDIT_ID" : "1075", > > "_HOSTNAME" : "debianBullseye" > > } 
> > > > Signed-off-by: Christian Göttsche <cgzones@googlemail.com> > > Acked-by: James Carter <jwcart2@gmail.com> > Merged. Thanks, Jim > > --- > > libselinux/src/avc.c | 1 - > > 1 file changed, 1 deletion(-) > > > > diff --git a/libselinux/src/avc.c b/libselinux/src/avc.c > > index 7493e4b2..8d5983a2 100644 > > --- a/libselinux/src/avc.c > > +++ b/libselinux/src/avc.c > > @@ -725,7 +725,6 @@ void avc_audit(security_id_t ssid, security_id_t tsid, > > if (denied) > > log_append(avc_audit_buf, " permissive=%u", result ? 0 : 1); > > > > - log_append(avc_audit_buf, "\n"); > > avc_log(SELINUX_AVC, "%s", avc_audit_buf); > > > > avc_release_lock(avc_log_lock); > > -- > > 2.36.1 > >
diff --git a/libselinux/src/avc.c b/libselinux/src/avc.c
index 7493e4b2..8d5983a2 100644
--- a/libselinux/src/avc.c
+++ b/libselinux/src/avc.c
@@ -725,7 +725,6 @@ void avc_audit(security_id_t ssid, security_id_t tsid,
 if (denied)
 log_append(avc_audit_buf, " permissive=%u", result ? 0 : 1);

- log_append(avc_audit_buf, "\n");
 avc_log(SELINUX_AVC, "%s", avc_audit_buf);

 avc_release_lock(avc_log_lock);
Do not add a final newline to the avc log message as it will be treated as a part of the tclass field in final audit record: { "AUDIT_FIELD_EXE" : "/usr/bin/dbus-broker", "_UID" : "104", "_AUDIT_SESSION" : "4294967295", "_TRANSPORT" : "audit", "__REALTIME_TIMESTAMP" : "1659975331468531", "_AUDIT_TYPE" : "1107", "AUDIT_FIELD_SCONTEXT" : "system_u:system_r:systemd_t:s0", "_AUDIT_LOGINUID" : "4294967295", "_SELINUX_CONTEXT" : "system_u:system_r:system_dbusd_t:s0-s0:c0.c1023", "AUDIT_FIELD_SAUID" : "104", "MESSAGE" : "USER_AVC pid=1538 uid=104 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: granted { send_msg } for scontext=system_u:system_r:systemd_t:s0 tcontext=system_u:system_r:systemd_logind_t:s0 tclass=dbus\n exe=\"/usr/bin/dbus-broker\" sauid=104 hostname=? addr=? terminal=?'", "AUDIT_FIELD_TCONTEXT" : "system_u:system_r:systemd_logind_t:s0", "_SOURCE_REALTIME_TIMESTAMP" : "1659975331462000", "__MONOTONIC_TIMESTAMP" : "207995768", "AUDIT_FIELD_TCLASS" : "dbus\n", "AUDIT_FIELD_TERMINAL" : "?", "_PID" : "1538", "SYSLOG_FACILITY" : "4", "_BOOT_ID" : "3921464b65f64fb4a7c037dee97cd6ad", "SYSLOG_IDENTIFIER" : "audit", "_MACHINE_ID" : "5d78c28f10d54c0fb7b6fd1acc6af8ff", "_AUDIT_TYPE_NAME" : "USER_AVC", "__CURSOR" : "s=84589ce96ff8400189fc515ff892674a;i=c38e;b=3921464b65f64fb4a7c037dee97cd6ad;m=c65c378;t=5e5bd1ff7d4f3;x=c22e610fc9b00b10", "AUDIT_FIELD_ADDR" : "?", "AUDIT_FIELD_HOSTNAME" : "?", "_AUDIT_ID" : "1075", "_HOSTNAME" : "debianBullseye" } Signed-off-by: Christian Göttsche <cgzones@googlemail.com> --- libselinux/src/avc.c | 1 - 1 file changed, 1 deletion(-)