[libsemanage/f20] Add msg to audit records
Daniel J Walsh
dwalsh at fedoraproject.org
Mon Sep 23 19:14:01 UTC 2013
commit a6ecf474d2078918f72d7d9bbc313cd7b7d1c9df
Author: Dan Walsh <dwalsh at redhat.com>
Date: Mon Sep 23 15:13:49 2013 -0400
Add msg to audit records
libsemanage-rhat.patch | 24 +++++++++++++++++++++---
libsemanage.spec | 5 ++++-
2 files changed, 25 insertions(+), 4 deletions(-)
---
diff --git a/libsemanage-rhat.patch b/libsemanage-rhat.patch
index ad45297..e7bff36 100644
--- a/libsemanage-rhat.patch
+++ b/libsemanage-rhat.patch
@@ -254,10 +254,10 @@ index 8823b1e..d92633e 100644
hidden_def(semanage_seuser_set_sename)
diff --git a/libsemanage/src/seusers_local.c b/libsemanage/src/seusers_local.c
-index e7cf12c..d8020a9 100644
+index e7cf12c..c77be73 100644
--- a/libsemanage/src/seusers_local.c
+++ b/libsemanage/src/seusers_local.c
-@@ -8,27 +8,131 @@ typedef struct semanage_seuser record_t;
+@@ -8,27 +8,149 @@ typedef struct semanage_seuser record_t;
#include <sepol/policydb.h>
#include <sepol/context.h>
@@ -316,6 +316,10 @@ index e7cf12c..d8020a9 100644
+ const char *psename = NULL;
+ const char *pmls = NULL;
+ char *proles = NULL;
++ char msg[1024];
++ const char *sep = "-";
++
++ strcpy(msg,"login");
+ if (seuser) {
+ name = semanage_seuser_get_name(seuser);
+ sename = semanage_seuser_get_sename(seuser);
@@ -327,6 +331,20 @@ index e7cf12c..d8020a9 100644
+ pmls = semanage_seuser_get_mlsrange(previous);
+ proles = semanage_user_roles(handle, psename);
+ }
++ if (audit_type != AUDIT_ROLE_REMOVE) {
++ if (!psename || strcmp(psename, sename) != 0) {
++ sprintf(msg,"%s%s%s",msg, sep,"sename");
++ sep = ",";
++ }
++ if (!proles || strcmp(proles, roles) != 0) {
++ sprintf(msg,"%s%s%s",msg, sep,"role");
++ sep = ",";
++ }
++ if (!pmls || strcmp(pmls, mls) != 0) {
++ sprintf(msg,"%s%s%s",msg, sep,"range");
++ sep = ",";
++ }
++ }
+
+ int fd = audit_open();
+ if (fd < 0)
@@ -336,7 +354,7 @@ index e7cf12c..d8020a9 100644
+ return 0;
+ return fd;
+ }
-+ audit_log_semanage_message(fd, audit_type, NULL, NULL, name, 0, sename, roles, mls, psename, proles, pmls, NULL, NULL,NULL, success);
++ audit_log_semanage_message(fd, audit_type, NULL, msg, name, 0, sename, roles, mls, psename, proles, pmls, NULL, NULL,NULL, success);
+ audit_close(fd);
+ free(roles);
+ free(proles);
diff --git a/libsemanage.spec b/libsemanage.spec
index dd3a771..ad111c1 100644
--- a/libsemanage.spec
+++ b/libsemanage.spec
@@ -7,7 +7,7 @@
Summary: SELinux binary policy manipulation library
Name: libsemanage
Version: 2.1.10
-Release: 10%{?dist}
+Release: 11%{?dist}
License: LGPLv2+
Group: System Environment/Libraries
Source: libsemanage-%{version}.tgz
@@ -179,6 +179,9 @@ rm -rf ${RPM_BUILD_ROOT}
%endif # if with_python3
%changelog
+* Mon Sep 23 2013 Dan Walsh <dwalsh at redhat.com> - 2.1.10-11
+- Add msg to audit records
+
* Thu Sep 19 2013 Dan Walsh <dwalsh at redhat.com> - 2.1.10-10
- Do not write error message to screen when looking for previous record for auditing.
- Add mls_range from user record if the MLS range is not specified by the seuser add record.
More information about the scm-commits
mailing list