- Added the timestamp from the audit ID ('epoch')
to aa_log_record. - Added the integer that follows the colon in the audit ID ('audit_sub_id') to aa_log_record. - Modified the testsuite to deal with the two new numbers.
@@ -118,9 +118,11 @@ typedef struct
|
||||
long pid; /* PID of the program logging the message */
|
||||
long task;
|
||||
long magic_token;
|
||||
long epoch; /* example: 12345679 */
|
||||
unsigned int audit_sub_id; /* example: 12 */
|
||||
|
||||
int bitmask; /* Bitmask containing "r" "w" "x" etc */
|
||||
char *audit_id;
|
||||
char *audit_id; /* example: 12345679.1234:12 */
|
||||
char *operation; /* "Exec" "Ptrace", etc. */
|
||||
char *denied_mask; /* "r", "w", etc. */
|
||||
char *requested_mask;
|
||||
|
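Review bot: The new members `epoch` and `audit_sub_id` are inserted between `magic_token` and `bitmask` instead of being appended, so every later member changes offset. If this typedef is part of the library's installed header (not confirmed from this hunk), consumers built against the old layout will read the wrong fields until they are recompiled. Appending the two members at the end of the struct, or bumping the library version, would avoid that. The comments could also say what the values are rather than only give an example, e.g. `long epoch; /* timestamp part of the audit ID, before the '.'; example: 12345679 */` and `unsigned int audit_sub_id; /* integer after the ':' in the audit ID; example: 12 */`. The typedef starts before and ends after this hunk.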
@@ -311,6 +311,8 @@ old_profile:
|
||||
audit_msg: TOK_KEY_MSG TOK_EQUALS TOK_AUDIT TOK_OPEN_PAREN TOK_AUDIT_DIGITS TOK_PERIOD TOK_AUDIT_DIGITS TOK_COLON TOK_AUDIT_DIGITS TOK_CLOSE_PAREN TOK_COLON
|
||||
{
|
||||
asprintf(&ret_record->audit_id, "%s.%s:%s", $5, $7, $9);
|
||||
ret_record->epoch = atol($5);
|
||||
ret_record->audit_sub_id = atoi($9);
|
||||
free($5);
|
||||
free($7);
|
||||
free($9);
|
||||
|
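Review bot: The added `atol($5)` and `atoi($9)` cannot report a value that does not fit, and C leaves their behaviour undefined when the converted value is out of range. These strings come straight from the audit log line being parsed, so an over-long digit run should be rejected rather than trusted. `atoi` also returns a signed `int` while `audit_sub_id` is `unsigned int`, so an id above INT_MAX cannot be carried on this path. Suggest `errno = 0; ret_record->epoch = strtol($5, NULL, 10);` and `unsigned long sub = strtoul($9, NULL, 10);`, then failing the parse when `errno == ERANGE || sub > UINT_MAX` before assigning `audit_sub_id`. The unchanged `asprintf` call above also ignores its return value, and the rule's action continues past the hunk.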
@@ -94,6 +94,8 @@ _init_log_record(aa_log_record *record)
|
||||
record->bitmask = 0;
|
||||
record->task = 0;
|
||||
record->magic_token = 0;
|
||||
record->epoch = 0;
|
||||
record->audit_sub_id = 0;
|
||||
|
||||
record->audit_id = NULL;
|
||||
record->operation = NULL;
|
||||
|
@@ -165,5 +165,7 @@ int print_results(aa_log_record *record)
|
||||
{
|
||||
printf("Protocol: %s\n", record->net_protocol);
|
||||
}
|
||||
printf("Epoch: %lu\n", record->epoch);
|
||||
printf("Audit subid: %u\n", record->audit_sub_id);
|
||||
return(0);
|
||||
}
|
||||
|
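Review bot: The added `printf("Epoch: %lu\n", record->epoch);` passes a `long` (as declared in the struct hunk of this commit) to an unsigned conversion, a format/argument mismatch that `-Wformat-signedness` reports. It should be `printf("Epoch: %ld\n", record->epoch);`. The expected-output files added in this commit only contain non-negative values, so they stay valid with that change. print_results starts before this hunk.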
@@ -16,3 +16,5 @@ PID: 31938
|
||||
Network family: family
|
||||
Socket type: unknown(1234)
|
||||
Protocol: tcp
|
||||
Epoch: 1181057184
|
||||
Audit subid: 7
|
||||
|
@@ -7,3 +7,5 @@ Profile: /home/matt/projects/change_hat_test/test_hat
|
||||
Task: 38229
|
||||
PID: 27764
|
||||
Active hat: /home/matt/projects/change_hat_test/test_hat
|
||||
Epoch: 1168661976
|
||||
Audit subid: 55
|
||||
|
@@ -5,3 +5,5 @@ Audit ID: 1168661976.062:55
|
||||
Operation: clone
|
||||
Task: 38229
|
||||
PID: 27764
|
||||
Epoch: 1168661976
|
||||
Audit subid: 55
|
||||
|
@@ -9,3 +9,5 @@ Name: /home/matt/projects/change_hat_test/test
|
||||
Info: test_hat
|
||||
PID: 27871
|
||||
Active hat: null-complain-profile
|
||||
Epoch: 1168662182
|
||||
Audit subid: 58
|
||||
|
@@ -8,3 +8,5 @@ Name: TESTHAT
|
||||
Info: unknown_hat
|
||||
PID: 27764
|
||||
Active hat: /home/matt/projects/change_hat_test/test_hat
|
||||
Epoch: 1168661976
|
||||
Audit subid: 55
|
||||
|
@@ -9,3 +9,5 @@ Name: /bin/freak-aa-out
|
||||
Info: bash
|
||||
PID: 23415
|
||||
Active hat: /bin/freak-aa-out
|
||||
Epoch: 1167188680
|
||||
Audit subid: 54
|
||||
|
@@ -8,3 +8,5 @@ Name: /path/to/something
|
||||
Info: bash
|
||||
PID: 23415
|
||||
Active hat: /bin/freak-aa-out
|
||||
Epoch: 1167188680
|
||||
Audit subid: 54
|
||||
|
@@ -8,3 +8,5 @@ Name: /path/to/something
|
||||
Info: bash
|
||||
PID: 23415
|
||||
Active hat: /bin/freak-aa-out
|
||||
Epoch: 1167188680
|
||||
Audit subid: 54
|
||||
|
@@ -9,3 +9,5 @@ Attribute: set
|
||||
Info: bash
|
||||
PID: 23415
|
||||
Active hat: /bin/freak-aa-out
|
||||
Epoch: 1167188680
|
||||
Audit subid: 54
|
||||
|
@@ -9,3 +9,5 @@ Attribute: something
|
||||
Info: bash
|
||||
PID: 23415
|
||||
Active hat: /bin/freak-aa-out
|
||||
Epoch: 1167188680
|
||||
Audit subid: 54
|
||||
|
@@ -8,3 +8,5 @@ Name: cap
|
||||
Info: bash
|
||||
PID: 23415
|
||||
Active hat: /bin/freak-aa-out
|
||||
Epoch: 1167188680
|
||||
Audit subid: 54
|
||||
|