audit/audit-1.7.2-avc.patch
Steve Grubb d0505052ce - Fix overflow in audit_log_user_command, better (#438840)
- ausearch was not matching path in avc records
- audisp-prelude attempt to reposition index after examining each type
- correct building of mls policy
2008-04-17 21:14:24 +00:00

22 lines
598 B
Diff

diff -urp audit-1.7.2.orig/src/ausearch-parse.c audit-1.7.2/src/ausearch-parse.c
--- audit-1.7.2.orig/src/ausearch-parse.c 2008-04-09 14:26:27.000000000 -0400
+++ audit-1.7.2/src/ausearch-parse.c 2008-04-17 10:44:10.000000000 -0400
@@ -1208,6 +1212,17 @@ static int parse_avc(const lnode *n, sea
term = str + 6;
}
}
+ if (event_filename) {
+ // do we have a path?
+ str = strstr(term, " path=");
+ if (str) {
+ str += 6;
+ rc = common_path_parser(s, str);
+ if (rc)
+ goto err;
+ term += 7;
+ }
+ }
if (event_subject) {
// scontext
str = strstr(term, "scontext=");