summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorRichard Guy Briggs <rgb@redhat.com>2014-09-18 20:47:48 -0400
committerPaul Moore <pmoore@redhat.com>2014-09-22 17:02:10 -0400
commit4093a8443941d7021c7f747474a87a56cf666270 (patch)
tree46febf759a27726f3807e4219b780174ae94283c /security
parente173fb2646a832b424c80904c306b816760ce477 (diff)
downloadlinux-stable-4093a8443941d7021c7f747474a87a56cf666270.tar.gz
linux-stable-4093a8443941d7021c7f747474a87a56cf666270.tar.bz2
linux-stable-4093a8443941d7021c7f747474a87a56cf666270.zip
selinux: normalize audit log formatting
Restructure to keyword=value pairs without spaces. Drop superfluous words in text. Make invalid_context a keyword. Change result= keyword to seresult=. Signed-off-by: Richard Guy Briggs <rgb@redhat.com> [Minor rewrite to the patch subject line] Signed-off-by: Paul Moore <pmoore@redhat.com>
Diffstat (limited to 'security')
-rw-r--r--security/selinux/ss/services.c14
1 files changed, 8 insertions, 6 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 2aa9d172dc7e..a1d3944751b9 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -728,7 +728,7 @@ static int security_validtrans_handle_fail(struct context *ocontext,
if (context_struct_to_string(tcontext, &t, &tlen))
goto out;
audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR,
- "security_validate_transition: denied for"
+ "op=security_validate_transition seresult=denied"
" oldcontext=%s newcontext=%s taskcontext=%s tclass=%s",
o, n, t, sym_name(&policydb, SYM_CLASSES, tclass-1));
out:
@@ -877,7 +877,7 @@ int security_bounded_transition(u32 old_sid, u32 new_sid)
audit_log(current->audit_context,
GFP_ATOMIC, AUDIT_SELINUX_ERR,
"op=security_bounded_transition "
- "result=denied "
+ "seresult=denied "
"oldcontext=%s newcontext=%s",
old_name, new_name);
}
@@ -1351,8 +1351,8 @@ static int compute_sid_handle_invalid_context(
if (context_struct_to_string(newcontext, &n, &nlen))
goto out;
audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR,
- "security_compute_sid: invalid context %s"
- " for scontext=%s"
+ "op=security_compute_sid invalid_context=%s"
+ " scontext=%s"
" tcontext=%s"
" tclass=%s",
n, s, t, sym_name(&policydb, SYM_CLASSES, tclass-1));
@@ -2607,8 +2607,10 @@ int security_sid_mls_copy(u32 sid, u32 mls_sid, u32 *new_sid)
rc = convert_context_handle_invalid_context(&newcon);
if (rc) {
if (!context_struct_to_string(&newcon, &s, &len)) {
- audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR,
- "security_sid_mls_copy: invalid context %s", s);
+ audit_log(current->audit_context,
+ GFP_ATOMIC, AUDIT_SELINUX_ERR,
+ "op=security_sid_mls_copy "
+ "invalid_context=%s", s);
kfree(s);
}
goto out_unlock;