summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorOndrej Mosnacek <omosnace@redhat.com>2021-09-14 16:15:16 +0300
committerPaul Moore <paul@paul-moore.com>2021-09-20 05:47:04 +0300
commit8e71168e2cc760e2d016ad99a59773169211472f (patch)
tree7c03f0b777553148d2d26db0c9c58130a385dd98
parentd680c6b49c5edb532e3e5a134d9f48f000a691e1 (diff)
downloadlinux-8e71168e2cc760e2d016ad99a59773169211472f.tar.xz
lsm_audit: avoid overloading the "key" audit field
The "key" field is used to associate records with the rule that triggered them, os it's not a good idea to overload it with an additional IPC key semantic. Moreover, as the classic "key" field is a text field, while the IPC key is numeric, AVC records containing the IPC key info actually confuse audit userspace, which tries to interpret the number as a hex-encoded string, thus showing garbage for example in the ausearch "interpret" output mode. Hence, change it to "ipc_key" to fix both issues and also make the meaning of this field more clear. Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> Reviewed-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
-rw-r--r--security/lsm_audit.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/security/lsm_audit.c b/security/lsm_audit.c
index 5a5016ef43b0..1897cbf6fc69 100644
--- a/security/lsm_audit.c
+++ b/security/lsm_audit.c
@@ -224,7 +224,7 @@ static void dump_common_audit_data(struct audit_buffer *ab,
case LSM_AUDIT_DATA_NONE:
return;
case LSM_AUDIT_DATA_IPC:
- audit_log_format(ab, " key=%d ", a->u.ipc_id);
+ audit_log_format(ab, " ipc_key=%d ", a->u.ipc_id);
break;
case LSM_AUDIT_DATA_CAP:
audit_log_format(ab, " capability=%d ", a->u.cap);