[PATCH] Add tty to syscall audit records
authorSteve Grubb <sgrubb@redhat.com>
Sun, 1 Jan 2006 19:07:00 +0000 (14:07 -0500)
committerAl Viro <viro@zeniv.linux.org.uk>
Mon, 20 Mar 2006 19:08:55 +0000 (14:08 -0500)
Hi,

From the RBAC specs:

FAU_SAR.1.1 The TSF shall provide the set of authorized
RBAC administrators with the capability to read the following
audit information from the audit records:

<snip>
(e) The User Session Identifier or Terminal Type

A patch adding the tty for all syscalls is included in this email.
Please apply.

Signed-off-by: Steve Grubb <sgrubb@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
kernel/auditsc.c

index ba087885477786ab1a076cb7202e9fb62d485d5c..d3d499272d1392eda45fea179131856661585455 100644 (file)
@@ -57,6 +57,7 @@
 #include <asm/unistd.h>
 #include <linux/security.h>
 #include <linux/list.h>
+#include <linux/tty.h>
 
 #include "audit.h"
 
@@ -573,6 +574,7 @@ static void audit_log_exit(struct audit_context *context, gfp_t gfp_mask)
        int i;
        struct audit_buffer *ab;
        struct audit_aux_data *aux;
+       const char *tty;
 
        ab = audit_log_start(context, gfp_mask, AUDIT_SYSCALL);
        if (!ab)
@@ -585,11 +587,15 @@ static void audit_log_exit(struct audit_context *context, gfp_t gfp_mask)
                audit_log_format(ab, " success=%s exit=%ld", 
                                 (context->return_valid==AUDITSC_SUCCESS)?"yes":"no",
                                 context->return_code);
+       if (current->signal->tty && current->signal->tty->name)
+               tty = current->signal->tty->name;
+       else
+               tty = "(none)";
        audit_log_format(ab,
                  " a0=%lx a1=%lx a2=%lx a3=%lx items=%d"
                  " pid=%d auid=%u uid=%u gid=%u"
                  " euid=%u suid=%u fsuid=%u"
-                 " egid=%u sgid=%u fsgid=%u",
+                 " egid=%u sgid=%u fsgid=%u tty=%s",
                  context->argv[0],
                  context->argv[1],
                  context->argv[2],
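Review bot: `current->signal->tty` is read twice in the added `if` with no lock or reference visible in this hunk. `signal` is shared by every thread in the group, so if the controlling tty can be detached or released concurrently, `tty` may point into a freed object by the time `audit_log_format` formats it with `%s`. Do the lookup under whatever lock the tty layer uses to guard `signal->tty`, and copy the name into a local buffer before unlocking instead of keeping the bare pointer. If `name` is an array member of the tty struct, as I believe it is, the `&& current->signal->tty->name` test is always true and can be dropped. The record also mixes `context` fields with a value taken from `current`, which is only right if the function always runs for the current task; audit_log_exit starts and ends outside this hunk, so its callers are not visible here.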
@@ -600,7 +606,7 @@ static void audit_log_exit(struct audit_context *context, gfp_t gfp_mask)
                  context->uid,
                  context->gid,
                  context->euid, context->suid, context->fsuid,
-                 context->egid, context->sgid, context->fsgid);
+                 context->egid, context->sgid, context->fsgid, tty);
        audit_log_task_info(ab, gfp_mask);
        audit_log_end(ab);