AUDIT: Unify auid reporting, put arch before syscall number

author David Woodhouse <dwmw2@shinybook.infradead.org>

Mon, 23 May 2005 20:35:28 +0000 (21:35 +0100)

committer David Woodhouse <dwmw2@shinybook.infradead.org>

Mon, 23 May 2005 20:35:28 +0000 (21:35 +0100)
author David Woodhouse <dwmw2@shinybook.infradead.org>
Mon, 23 May 2005 20:35:28 +0000 (21:35 +0100)
committer David Woodhouse <dwmw2@shinybook.infradead.org>
Mon, 23 May 2005 20:35:28 +0000 (21:35 +0100)
diff --git a/kernel/audit.c b/kernel/audit.c

index 35306f4..ef35166 100644 (file)
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -234,7 +234,7 @@ static int audit_set_rate_limit(int limit, uid_t loginuid)
         int old          = audit_rate_limit;
         audit_rate_limit = limit;
         audit_log(NULL, AUDIT_CONFIG_CHANGE, 
-                       "audit_rate_limit=%d old=%d by auid %u",
+                       "audit_rate_limit=%d old=%d by auid=%u",
                         audit_rate_limit, old, loginuid);
         return old;
  }
@@ -244,7 +244,7 @@ static int audit_set_backlog_limit(int limit, uid_t loginuid)
         int old          = audit_backlog_limit;
         audit_backlog_limit = limit;
         audit_log(NULL, AUDIT_CONFIG_CHANGE,
-                       "audit_backlog_limit=%d old=%d by auid %u",
+                       "audit_backlog_limit=%d old=%d by auid=%u",
                         audit_backlog_limit, old, loginuid);
         return old;
  }
@@ -256,7 +256,7 @@ static int audit_set_enabled(int state, uid_t loginuid)
                 return -EINVAL;
         audit_enabled = state;
         audit_log(NULL, AUDIT_CONFIG_CHANGE,
-                       "audit_enabled=%d old=%d by auid %u",
+                       "audit_enabled=%d old=%d by auid=%u",
                         audit_enabled, old, loginuid);
         return old;
  }
@@ -270,7 +270,7 @@ static int audit_set_failure(int state, uid_t loginuid)
                 return -EINVAL;
         audit_failure = state;
         audit_log(NULL, AUDIT_CONFIG_CHANGE,
-                       "audit_failure=%d old=%d by auid %u",
+                       "audit_failure=%d old=%d by auid=%u",
                         audit_failure, old, loginuid);
         return old;
  }
@@ -424,7 +424,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
                         int old   = audit_pid;
                         audit_pid = status_get->pid;
                         audit_log(NULL, AUDIT_CONFIG_CHANGE,
-                               "audit_pid=%d old=%d by auid %u",
+                               "audit_pid=%d old=%d by auid=%u",
                                   audit_pid, old, loginuid);
                 }
                 if (status_get->mask & AUDIT_STATUS_RATE_LIMIT)
diff --git a/kernel/auditsc.c b/kernel/auditsc.c

index 74c2ae8..5fc4f52 100644 (file)
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -307,7 +307,7 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
                 if (!err && (flags & AUDIT_AT_EXIT))
                         err = audit_add_rule(entry, &audit_extlist);
                 audit_log(NULL, AUDIT_CONFIG_CHANGE, 
-                               "auid %u added an audit rule\n", loginuid);
+                               "auid=%u added an audit rule\n", loginuid);
                 break;
         case AUDIT_DEL:
                 flags =((struct audit_rule *)data)->flags;
@@ -318,7 +318,7 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
                 if (!err && (flags & AUDIT_AT_EXIT))
                         err = audit_del_rule(data, &audit_extlist);
                 audit_log(NULL, AUDIT_CONFIG_CHANGE,
-                               "auid %u removed an audit rule\n", loginuid);
+                               "auid=%u removed an audit rule\n", loginuid);
                 break;
         default:
                 return -EINVAL;
@@ -678,10 +678,10 @@ static void audit_log_exit(struct audit_context *context)
         ab = audit_log_start(context, AUDIT_SYSCALL);
         if (!ab)
                 return;         /* audit_panic has been called */
-       audit_log_format(ab, "syscall=%d", context->major);
+       audit_log_format(ab, "arch=%x syscall=%d",
+                        context->arch, context->major);
         if (context->personality != PER_LINUX)
                 audit_log_format(ab, " per=%lx", context->personality);
-       audit_log_format(ab, " arch=%x", context->arch);
         if (context->return_valid)
                 audit_log_format(ab, " success=%s exit=%ld", 
                                  (context->return_valid==AUDITSC_SUCCESS)?"yes":"no",
author	David Woodhouse <dwmw2@shinybook.infradead.org>
	Mon, 23 May 2005 20:35:28 +0000 (21:35 +0100)
committer	David Woodhouse <dwmw2@shinybook.infradead.org>
	Mon, 23 May 2005 20:35:28 +0000 (21:35 +0100)
kernel/audit.c		patch \| blob \| history
kernel/auditsc.c		patch \| blob \| history