summaryrefslogtreecommitdiffstats
path: root/kernel/audit.c
diff options
context:
space:
mode:
authorRichard Guy Briggs <rgb@redhat.com>2018-11-30 16:13:16 -0500
committerPaul Moore <paul@paul-moore.com>2018-12-03 19:26:10 -0500
commit9a547c7e575fc2501c12081558fda3027d0f2a5e (patch)
treee21f5e34764d4ad44a16b1d54b7e15be3614ecd6 /kernel/audit.c
parent2a1fe215e7300c7ebd6a7a24afcab71db5107bb0 (diff)
downloadlinux-9a547c7e575fc2501c12081558fda3027d0f2a5e.tar.gz
linux-9a547c7e575fc2501c12081558fda3027d0f2a5e.tar.bz2
linux-9a547c7e575fc2501c12081558fda3027d0f2a5e.zip
audit: shorten PATH cap values when zero
Since the vast majority of files (99.993% on a typical system) have no fcaps, display "0" instead of the full zero-padded 16 hex digits in the two PATH record cap_f* fields to save netlink bandwidth and disk space. Simply changing the format to %x won't work since the value is two (or possibly more in the future) 32-bit hexadecimal values concatenated and bits in higher order values will be misrepresented. Passes audit-testsuite and userspace tools already work fine. Please see the github issue tracker for more details https://github.com/linux-audit/audit-kernel/issues/101 Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Acked-by: Steve Grubb <sgrubb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'kernel/audit.c')
-rw-r--r--kernel/audit.c10
1 files changed, 6 insertions, 4 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index 779671883349..a0a4544e69ca 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -2059,11 +2059,13 @@ void audit_log_cap(struct audit_buffer *ab, char *prefix, kernel_cap_t *cap)
{
int i;
- audit_log_format(ab, " %s=", prefix);
- CAP_FOR_EACH_U32(i) {
- audit_log_format(ab, "%08x",
- cap->cap[CAP_LAST_U32 - i]);
+ if (cap_isclear(*cap)) {
+ audit_log_format(ab, " %s=0", prefix);
+ return;
}
+ audit_log_format(ab, " %s=", prefix);
+ CAP_FOR_EACH_U32(i)
+ audit_log_format(ab, "%08x", cap->cap[CAP_LAST_U32 - i]);
}
static void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name)