2014-07-11 23:01:21 +02:00
|
|
|
From: William Preston <wpreston@suse.com>
|
|
|
|
|
Subject: ausearch is looking for the "tclass" field in the entries, which doesn't make sense for apparmor.
|
|
|
|
|
References: bnc#878687
|
|
|
|
|
References: https://www.redhat.com/archives/linux-audit/2014-May/msg00094.html https://www.redhat.com/archives/linux-audit/2014-June/msg00001.html
|
|
|
|
|
Upstream: never
|
|
|
|
|
Signed-off-by: Tony Jones <tonyj@suse.de>
|
|
|
|
|
|
|
|
|
|
---
|
|
|
|
|
src/ausearch-parse.c | 18 ++++++++----------
|
|
|
|
|
1 file changed, 8 insertions(+), 10 deletions(-)
|
|
|
|
|
|
2023-07-03 16:59:58 +02:00
|
|
|
Index: audit-3.1.1/src/ausearch-parse.c
|
Accepting request 1043243 from home:ematsumiya:branches:security
- Enable build for ARM (32-bit)
- Update to version 3.0.9:
* In auditd, release the async flush lock on stop
* Don't allow auditd to log directly into /var/log when log_group is non-zero
* Cleanup krb5 memory leaks on error paths
* Update auditd.cron to use auditctl --signal
* In auparse, if too many fields, realloc array bigger (Paul Wolneykien)
* In auparse, special case kernel module name interpretation
* If overflow_action is ignore, don't treat as an error
(3.0.8)
* Add gcc function attributes for access and allocation
* Add some more man pages (MIZUTA Takeshi)
* In auditd, change the reinitializing of the plugin queue
* Fix path normalization in auparse (Sergio Correia)
* In libaudit, handle ECONNREFUSED for network uid/gid lookups (Enzo Matsumiya)
* In audisp-remote, fix hang with disk_low_action=suspend (Enzo Matsumiya)
* Drop ProtectHome from auditd.service as it interferes with rules
(3.0.7)
* Add support for the OPENAT2 record type (Richard Guy Briggs)
* In auditd, close the logging file descriptor when logging is suspended
* Update the capabilities lookup table to match 5.16 kernel
* Improve interpretation of renamat & faccessat family of syscalls
* Update syscall table for the 5.16 kernel
* Reduce dependency from initscripts to initscripts-service
- Refresh patches (context adjusment):
* audit-allow-manual-stop.patch
* audit-ausearch-do-not-require-tclass.patch
* audit-no-gss.patch
* enable-stop-rules.patch
* fix-hardened-service.patch
* harden_auditd.service.patch
- Remove patches (fixed by version update):
* libaudit-fix-unhandled-ECONNREFUSED-from-getpwnam-25.patch
* audisp-remote-fix-hang-with-disk_low_action-suspend-.patch
- Enable build for ARM (32-bit)
- Update to version 3.0.9:
* In auditd, release the async flush lock on stop
* Don't allow auditd to log directly into /var/log when log_group is non-zero
* Cleanup krb5 memory leaks on error paths
* Update auditd.cron to use auditctl --signal
* In auparse, if too many fields, realloc array bigger (Paul Wolneykien)
* In auparse, special case kernel module name interpretation
* If overflow_action is ignore, don't treat as an error
(3.0.8)
* Add gcc function attributes for access and allocation
* Add some more man pages (MIZUTA Takeshi)
* In auditd, change the reinitializing of the plugin queue
* Fix path normalization in auparse (Sergio Correia)
* In libaudit, handle ECONNREFUSED for network uid/gid lookups (Enzo Matsumiya)
* In audisp-remote, fix hang with disk_low_action=suspend (Enzo Matsumiya)
* Drop ProtectHome from auditd.service as it interferes with rules
(3.0.7)
* Add support for the OPENAT2 record type (Richard Guy Briggs)
* In auditd, close the logging file descriptor when logging is suspended
* Update the capabilities lookup table to match 5.16 kernel
* Improve interpretation of renamat & faccessat family of syscalls
* Update syscall table for the 5.16 kernel
* Reduce dependency from initscripts to initscripts-service
- Refresh patches (context adjusment):
* audit-allow-manual-stop.patch
* audit-ausearch-do-not-require-tclass.patch
* audit-no-gss.patch
* enable-stop-rules.patch
* fix-hardened-service.patch
* harden_auditd.service.patch
- Remove patches (fixed by version update):
* libaudit-fix-unhandled-ECONNREFUSED-from-getpwnam-25.patch
* audisp-remote-fix-hang-with-disk_low_action-suspend-.patch
OBS-URL: https://build.opensuse.org/request/show/1043243
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=141
2022-12-19 20:54:31 +01:00
|
|
|
===================================================================
|
2023-07-03 16:59:58 +02:00
|
|
|
--- audit-3.1.1.orig/src/ausearch-parse.c
|
|
|
|
|
+++ audit-3.1.1/src/ausearch-parse.c
|
|
|
|
|
@@ -2075,17 +2075,15 @@ other_avc:
|
2014-07-11 23:01:21 +02:00
|
|
|
|
|
|
|
|
// Now get the class...its at the end, so we do things different
|
|
|
|
|
str = strstr(term, "tclass=");
|
|
|
|
|
- if (str == NULL) {
|
|
|
|
|
- rc = 9;
|
|
|
|
|
- goto err;
|
|
|
|
|
+ if (str) {
|
|
|
|
|
+ str += 7;
|
|
|
|
|
+ term = strchr(str, ' ');
|
|
|
|
|
+ if (term)
|
|
|
|
|
+ *term = 0;
|
|
|
|
|
+ an.avc_class = strdup(str);
|
|
|
|
|
+ if (term)
|
|
|
|
|
+ *term = ' ';
|
|
|
|
|
}
|
|
|
|
|
- str += 7;
|
|
|
|
|
- term = strchr(str, ' ');
|
|
|
|
|
- if (term)
|
|
|
|
|
- *term = 0;
|
|
|
|
|
- an.avc_class = strdup(str);
|
|
|
|
|
- if (term)
|
|
|
|
|
- *term = ' ';
|
|
|
|
|
|
|
|
|
|
if (audit_avc_init(s) == 0) {
|
|
|
|
|
alist_append(s->avc, &an);
|
