diff --git a/libsemanage-rhat.patch b/libsemanage-rhat.patch index ad45297..e7bff36 100644 --- a/libsemanage-rhat.patch +++ b/libsemanage-rhat.patch @@ -254,10 +254,10 @@ index 8823b1e..d92633e 100644 hidden_def(semanage_seuser_set_sename) diff --git a/libsemanage/src/seusers_local.c b/libsemanage/src/seusers_local.c -index e7cf12c..d8020a9 100644 +index e7cf12c..c77be73 100644 --- a/libsemanage/src/seusers_local.c +++ b/libsemanage/src/seusers_local.c -@@ -8,27 +8,131 @@ typedef struct semanage_seuser record_t; +@@ -8,27 +8,149 @@ typedef struct semanage_seuser record_t; #include #include @@ -316,6 +316,10 @@ index e7cf12c..d8020a9 100644 + const char *psename = NULL; + const char *pmls = NULL; + char *proles = NULL; ++ char msg[1024]; ++ const char *sep = "-"; ++ ++ strcpy(msg,"login"); + if (seuser) { + name = semanage_seuser_get_name(seuser); + sename = semanage_seuser_get_sename(seuser); @@ -327,6 +331,20 @@ index e7cf12c..d8020a9 100644 + pmls = semanage_seuser_get_mlsrange(previous); + proles = semanage_user_roles(handle, psename); + } ++ if (audit_type != AUDIT_ROLE_REMOVE) { ++ if (!psename || strcmp(psename, sename) != 0) { ++ sprintf(msg,"%s%s%s",msg, sep,"sename"); ++ sep = ","; ++ } ++ if (!proles || strcmp(proles, roles) != 0) { ++ sprintf(msg,"%s%s%s",msg, sep,"role"); ++ sep = ","; ++ } ++ if (!pmls || strcmp(pmls, mls) != 0) { ++ sprintf(msg,"%s%s%s",msg, sep,"range"); ++ sep = ","; ++ } ++ } + + int fd = audit_open(); + if (fd < 0) @@ -336,7 +354,7 @@ index e7cf12c..d8020a9 100644 + return 0; + return fd; + } -+ audit_log_semanage_message(fd, audit_type, NULL, NULL, name, 0, sename, roles, mls, psename, proles, pmls, NULL, NULL,NULL, success); ++ audit_log_semanage_message(fd, audit_type, NULL, msg, name, 0, sename, roles, mls, psename, proles, pmls, NULL, NULL,NULL, success); + audit_close(fd); + free(roles); + free(proles); diff --git a/libsemanage.spec b/libsemanage.spec index dd3a771..ad111c1 100644 --- a/libsemanage.spec 
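Review bot: The three added `sprintf(msg,"%s%s%s",msg, sep, ...)` calls inside the `audit_type != AUDIT_ROLE_REMOVE` block pass `msg` as both the destination and a `%s` source, which is undefined behaviour for overlapping objects and may produce a truncated or garbled audit `msg` field on fortified builds. Appending at a tracked offset avoids the overlap, as in the excerpt below; the appended pieces are fixed literals, so the 1024-byte buffer declared in the preceding hunk is not at risk of overflow. The same comparisons pass `sename`, `roles` and `mls` to `strcmp` without a NULL check, while the visible code assigns them only inside `if (seuser)`, so the excerpt also treats a missing new value as a change. Their declarations and the rest of the function lie outside this hunk, so confirm the NULL cases against the full body.

```c
	/* … unchanged: msg/sep declarations, strcpy(msg,"login"), seuser/previous lookups … */
	size_t off = strlen(msg);

	if (audit_type != AUDIT_ROLE_REMOVE) {
		if (!psename || !sename || strcmp(psename, sename) != 0) {
			off += snprintf(msg + off, sizeof(msg) - off, "%s%s", sep, "sename");
			sep = ",";
		}
		if (!proles || !roles || strcmp(proles, roles) != 0) {
			off += snprintf(msg + off, sizeof(msg) - off, "%s%s", sep, "role");
			sep = ",";
		}
		if (!pmls || !mls || strcmp(pmls, mls) != 0) {
			off += snprintf(msg + off, sizeof(msg) - off, "%s%s", sep, "range");
			sep = ",";
		}
	}
	/* … unchanged: audit_open() and error handling … */
```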
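Review bot: `roles` and `proles` are released only after `audit_close(fd)`, so the `return 0;` and `return fd;` exits taken when `audit_open()` fails appear to leak both strings. Routing those exits through a shared cleanup label that runs `free(roles); free(proles);` would close the leak. The result of `audit_log_semanage_message(...)` is also discarded, so a failed write of the audit record goes unnoticed; consider checking it and reporting the failure. Part of the error branch and the end of the function lie outside the hunk, so this is inferred from the visible lines only.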
+++ b/libsemanage.spec @@ -7,7 +7,7 @@ Summary: SELinux binary policy manipulation library Name: libsemanage Version: 2.1.10 -Release: 10%{?dist} +Release: 11%{?dist} License: LGPLv2+ Group: System Environment/Libraries Source: libsemanage-%{version}.tgz @@ -179,6 +179,9 @@ rm -rf ${RPM_BUILD_ROOT} %endif # if with_python3 %changelog +* Mon Sep 23 2013 Dan Walsh - 2.1.10-11 +- Add msg to audit records + * Thu Sep 19 2013 Dan Walsh - 2.1.10-10 - Do not write error message to screen when looking for previous record for auditing. - Add mls_range from user record if the MLS range is not specified by the seuser add record.