summaryrefslogtreecommitdiff
path: root/kernel/auditsc.c
diff options
context:
space:
mode:
authorSteve Grubb <sgrubb@redhat.com>2006-01-01 14:07:00 -0500
committerAl Viro <viro@zeniv.linux.org.uk>2006-03-20 14:08:55 -0500
commita6c043a887a9db32a545539426ddfc8cc2c28f8f (patch)
tree61269890edbf13a5bb2ae41eb4aba9353a2382b8 /kernel/auditsc.c
parent5d3301088f7e412992d9e61cc3604cbdff3090ff (diff)
downloadlwn-a6c043a887a9db32a545539426ddfc8cc2c28f8f.tar.gz
lwn-a6c043a887a9db32a545539426ddfc8cc2c28f8f.zip
[PATCH] Add tty to syscall audit records
Hi, >From the RBAC specs: FAU_SAR.1.1 The TSF shall provide the set of authorized RBAC administrators with the capability to read the following audit information from the audit records: <snip> (e) The User Session Identifier or Terminal Type A patch adding the tty for all syscalls is included in this email. Please apply. Signed-off-by: Steve Grubb <sgrubb@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'kernel/auditsc.c')
-rw-r--r--kernel/auditsc.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index ba0878854777..d3d499272d13 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -57,6 +57,7 @@
#include <asm/unistd.h>
#include <linux/security.h>
#include <linux/list.h>
+#include <linux/tty.h>
#include "audit.h"
@@ -573,6 +574,7 @@ static void audit_log_exit(struct audit_context *context, gfp_t gfp_mask)
int i;
struct audit_buffer *ab;
struct audit_aux_data *aux;
+ const char *tty;
ab = audit_log_start(context, gfp_mask, AUDIT_SYSCALL);
if (!ab)
@@ -585,11 +587,15 @@ static void audit_log_exit(struct audit_context *context, gfp_t gfp_mask)
audit_log_format(ab, " success=%s exit=%ld",
(context->return_valid==AUDITSC_SUCCESS)?"yes":"no",
context->return_code);
+ if (current->signal->tty && current->signal->tty->name)
+ tty = current->signal->tty->name;
+ else
+ tty = "(none)";
audit_log_format(ab,
" a0=%lx a1=%lx a2=%lx a3=%lx items=%d"
" pid=%d auid=%u uid=%u gid=%u"
" euid=%u suid=%u fsuid=%u"
- " egid=%u sgid=%u fsgid=%u",
+ " egid=%u sgid=%u fsgid=%u tty=%s",
context->argv[0],
context->argv[1],
context->argv[2],
@@ -600,7 +606,7 @@ static void audit_log_exit(struct audit_context *context, gfp_t gfp_mask)
context->uid,
context->gid,
context->euid, context->suid, context->fsuid,
- context->egid, context->sgid, context->fsgid);
+ context->egid, context->sgid, context->fsgid, tty);
audit_log_task_info(ab, gfp_mask);
audit_log_end(ab);