From cc3c020a5f4fc577dbd2da769c22b77e37ae4e30 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Tue, 26 Feb 2019 17:33:27 +0100
Subject: [PATCH] selinux: don't log SELINUX_INFO and SELINUX_WARNING messages
 to audit
Previously we logged even info messages from libselinux as USER_AVC's to
audit. For example, setting SELinux to permissive mode generated
following audit message,
time->Tue Feb 26 11:29:29 2019
type=USER_AVC msg=audit(1551198569.423:334): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  received setenforce notice (enforcing=0)  exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
This is unnecessary and wrong at the same time. First, kernel already
records audit event that SELinux was switched to permissive mode, also
the type of the message really shouldn't be USER_AVC.
Let's ignore SELINUX_WARNING and SELINUX_INFO and forward to audit only
USER_AVC's and errors as these two libselinux message types have clear
mapping to audit message types.
(cherry picked from commit 6227fc14c48c4c17daed4b91f61cdd4aa375790a)
Resolves: #1763612
---
 src/core/selinux-access.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/core/selinux-access.c b/src/core/selinux-access.c
index 39e994afd7..ada4f8705c 100644
--- a/src/core/selinux-access.c
+++ b/src/core/selinux-access.c
@@ -112,7 +112,11 @@ _printf_(2, 3) static int log_callback(int type, const char *fmt, ...) {
                 va_end(ap);
 
                 if (r >= 0) {
-                        audit_log_user_avc_message(fd, AUDIT_USER_AVC, buf, NULL, NULL, NULL, 0);
+                        if (type == SELINUX_AVC)
+                                audit_log_user_avc_message(get_audit_fd(), AUDIT_USER_AVC, buf, NULL, NULL, NULL, 0);
+                        else if (type == SELINUX_ERROR)
+                                audit_log_user_avc_message(get_audit_fd(), AUDIT_USER_SELINUX_ERR, buf, NULL, NULL, NULL, 0);
+
                         return 0;
                 }
         }
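Review bot: With the two added branches, a SELINUX_INFO or SELINUX_WARNING message that was formatted successfully still reaches the unchanged `return 0;` right after them, so it is neither sent to audit nor handed to whatever logging follows this block; when no audit fd is open the same message presumably still reaches that later path, so whether it is recorded at all depends on audit availability rather than on the message type. Gating the whole block on the type instead lets the other types fall through, e.g. `if (r >= 0 && (type == SELINUX_AVC || type == SELINUX_ERROR)) {` with the two inner branches kept as they are. The new lines also call `get_audit_fd()` twice where the removed line used an `fd` local; if that local is still in scope, reusing it avoids the repeated lookup. log_callback starts before and ends after this hunk, so the surrounding audit-fd check and the later logging path are not visible here.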