diff options
author | Eric Paris <eparis@redhat.com> | 2012-10-23 08:58:35 -0400 |
---|---|---|
committer | Eric Paris <eparis@redhat.com> | 2013-04-11 15:39:10 -0400 |
commit | ad395abece974e50cfd7ddd509a4faae8e238a40 (patch) | |
tree | 66a12a3d4a18a6cca40466462cf9737df0f9f0b7 /kernel | |
parent | f7616102d6f62d51cffb796d4672ad81fef00fea (diff) | |
download | lwn-ad395abece974e50cfd7ddd509a4faae8e238a40.tar.gz lwn-ad395abece974e50cfd7ddd509a4faae8e238a40.zip |
Audit: do not print error when LSMs disabled
RHBZ: 785936
If the audit system collects a record about one process sending a signal
to another process it includes in that collection the 'secid' or 'an int
used to represet an LSM label.' If there is no LSM enabled it will
collect a 0. The problem is that when we attempt to print that record
we ask the LSM to convert the secid back to a string. Since there is no
LSM it returns EOPNOTSUPP.
Most code in the audit system checks if the secid is 0 and does not
print LSM info in that case. The signal information code however forgot
that check. Thus users will see a message in syslog indicating that
converting the sid to string failed. Add the right check.
Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/auditsc.c | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index b536d22fe56f..67df4ee1d3b6 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1205,12 +1205,14 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); - if (security_secid_to_secctx(sid, &ctx, &len)) { - audit_log_format(ab, " obj=(none)"); - rc = 1; - } else { - audit_log_format(ab, " obj=%s", ctx); - security_release_secctx(ctx, len); + if (sid) { + if (security_secid_to_secctx(sid, &ctx, &len)) { + audit_log_format(ab, " obj=(none)"); + rc = 1; + } else { + audit_log_format(ab, " obj=%s", ctx); + security_release_secctx(ctx, len); + } } audit_log_format(ab, " ocomm="); audit_log_untrustedstring(ab, comm); |