lsm: Use a compressed IPv6 string format in audit events

Currently the audit subsystem prints uncompressed IPv6 addresses which not
only differs from common usage but also results in ridiculously large audit
strings which is not a good thing.  This patch fixes this by simply converting
audit to always print compressed IPv6 addresses.

Old message example:

 audit(1253576792.161:30): avc:  denied  { ingress } for
  saddr=0000:0000:0000:0000:0000:0000:0000:0001 src=5000
  daddr=0000:0000:0000:0000:0000:0000:0000:0001 dest=35502 netif=lo
  scontext=system_u:object_r:unlabeled_t:s15:c0.c1023
  tcontext=system_u:object_r:lo_netif_t:s0-s15:c0.c1023 tclass=netif

New message example:

 audit(1253576792.161:30): avc:  denied  { ingress } for
  saddr=::1 src=5000 daddr=::1 dest=35502 netif=lo
  scontext=system_u:object_r:unlabeled_t:s15:c0.c1023
  tcontext=system_u:object_r:lo_netif_t:s0-s15:c0.c1023 tclass=netif

Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

diff --git a/security/lsm_audit.c b/security/lsm_audit.c
index 500aad0ebd6acd8af2e63a7cbc8ae0965bbc5cdc..3bb90b6f1dd3db9d697e02209273008eb7a73cc1 100644 (file)
--- a/security/lsm_audit.c
+++ b/security/lsm_audit.c
@@ -187,7 +187,7 @@ static inline void print_ipv6_addr(struct audit_buffer *ab,
                                   char *name1, char *name2)
 {
        if (!ipv6_addr_any(addr))
-               audit_log_format(ab, " %s=%pI6", name1, addr);
+               audit_log_format(ab, " %s=%pI6c", name1, addr);
        if (port)
                audit_log_format(ab, " %s=%d", name2, ntohs(port));
 }