Add msg to audit records

Dan Walsh 2013-09-23 15:11:52 -04:00
parent 4bccd198db
commit a7e3a97407
2 changed files with 25 additions and 4 deletions


@ -254,10 +254,10 @@ index 8823b1e..d92633e 100644
hidden_def(semanage_seuser_set_sename) hidden_def(semanage_seuser_set_sename)
diff --git a/libsemanage/src/seusers_local.c b/libsemanage/src/seusers_local.c diff --git a/libsemanage/src/seusers_local.c b/libsemanage/src/seusers_local.c
index e7cf12c..d8020a9 100644 index e7cf12c..c77be73 100644
--- a/libsemanage/src/seusers_local.c --- a/libsemanage/src/seusers_local.c
+++ b/libsemanage/src/seusers_local.c +++ b/libsemanage/src/seusers_local.c
@@ -8,27 +8,131 @@ typedef struct semanage_seuser record_t; @@ -8,27 +8,149 @@ typedef struct semanage_seuser record_t;
#include <sepol/policydb.h> #include <sepol/policydb.h>
#include <sepol/context.h> #include <sepol/context.h>
@ -316,6 +316,10 @@ index e7cf12c..d8020a9 100644
+ const char *psename = NULL; + const char *psename = NULL;
+ const char *pmls = NULL; + const char *pmls = NULL;
+ char *proles = NULL; + char *proles = NULL;
+ char msg[1024];
+ const char *sep = "-";
+
+ strcpy(msg,"login");
+ if (seuser) { + if (seuser) {
+ name = semanage_seuser_get_name(seuser); + name = semanage_seuser_get_name(seuser);
+ sename = semanage_seuser_get_sename(seuser); + sename = semanage_seuser_get_sename(seuser);
@ -327,6 +331,20 @@ index e7cf12c..d8020a9 100644
+ pmls = semanage_seuser_get_mlsrange(previous); + pmls = semanage_seuser_get_mlsrange(previous);
+ proles = semanage_user_roles(handle, psename); + proles = semanage_user_roles(handle, psename);
+ } + }
+ if (audit_type != AUDIT_ROLE_REMOVE) {
+ if (!psename || strcmp(psename, sename) != 0) {
+ sprintf(msg,"%s%s%s",msg, sep,"sename");
+ sep = ",";
+ }
+ if (!proles || strcmp(proles, roles) != 0) {
+ sprintf(msg,"%s%s%s",msg, sep,"role");
+ sep = ",";
+ }
+ if (!pmls || strcmp(pmls, mls) != 0) {
+ sprintf(msg,"%s%s%s",msg, sep,"range");
+ sep = ",";
+ }
+ }
+ +
+ int fd = audit_open(); + int fd = audit_open();
+ if (fd < 0) + if (fd < 0)
@ -336,7 +354,7 @@ index e7cf12c..d8020a9 100644
+ return 0; + return 0;
+ return fd; + return fd;
+ } + }
+ audit_log_semanage_message(fd, audit_type, NULL, NULL, name, 0, sename, roles, mls, psename, proles, pmls, NULL, NULL,NULL, success); + audit_log_semanage_message(fd, audit_type, NULL, msg, name, 0, sename, roles, mls, psename, proles, pmls, NULL, NULL,NULL, success);
+ audit_close(fd); + audit_close(fd);
+ free(roles); + free(roles);
+ free(proles); + free(proles);
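Review bot: The three added `sprintf(msg,"%s%s%s",msg, sep,...)` calls in the `audit_type != AUDIT_ROLE_REMOVE` block pass `msg` as both the destination and a source argument, which is undefined behaviour for sprintf and can leave a garbled string in the audit record. Appending at the current end with a bounded call avoids the overlap, for example `size_t n = strlen(msg); snprintf(msg + n, sizeof(msg) - n, "%s%s", sep, "sename");`, and likewise for "role" and "range". The same block guards only the previous-record side of `strcmp(psename, sename)`, `strcmp(proles, roles)` and `strcmp(pmls, mls)`. In the visible lines `sename` is assigned only inside `if (seuser)`, so if `sename`, `roles` or `mls` can be NULL on this path the comparison dereferences a null pointer, and a check such as `if (sename && (!psename || strcmp(psename, sename) != 0))` would cover it. The enclosing function begins and ends outside the hunks shown, so the initial values of these pointers should be confirmed there.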


@ -7,7 +7,7 @@
Summary: SELinux binary policy manipulation library Summary: SELinux binary policy manipulation library
Name: libsemanage Name: libsemanage
Version: 2.1.10 Version: 2.1.10
Release: 10%{?dist} Release: 11%{?dist}
License: LGPLv2+ License: LGPLv2+
Group: System Environment/Libraries Group: System Environment/Libraries
Source: libsemanage-%{version}.tgz Source: libsemanage-%{version}.tgz
@ -179,6 +179,9 @@ rm -rf ${RPM_BUILD_ROOT}
%endif # if with_python3 %endif # if with_python3
%changelog %changelog
* Mon Sep 23 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.10-11
- Add msg to audit records
* Thu Sep 19 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.10-10 * Thu Sep 19 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.10-10
- Do not write error message to screen when looking for previous record for auditing. - Do not write error message to screen when looking for previous record for auditing.
- Add mls_range from user record if the MLS range is not specified by the seuser add record. - Add mls_range from user record if the MLS range is not specified by the seuser add record.