From cc3c020a5f4fc577dbd2da769c22b77e37ae4e30 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Tue, 26 Feb 2019 17:33:27 +0100
Subject: [PATCH] selinux: don't log SELINUX_INFO and SELINUX_WARNING messages
 to audit
Previously we logged even info messages from libselinux as USER_AVC's to
audit. For example, setting SELinux to permissive mode generated
following audit message,
time->Tue Feb 26 11:29:29 2019
type=USER_AVC msg=audit(1551198569.423:334): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  received setenforce notice (enforcing=0)  exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
This is unnecessary and wrong at the same time. First, kernel already
records audit event that SELinux was switched to permissive mode, also
the type of the message really shouldn't be USER_AVC.
Let's ignore SELINUX_WARNING and SELINUX_INFO and forward to audit only
USER_AVC's and errors as these two libselinux message types have clear
mapping to audit message types.
(cherry picked from commit 6227fc14c48c4c17daed4b91f61cdd4aa375790a)
Resolves: #1763612
---
 src/core/selinux-access.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/core/selinux-access.c b/src/core/selinux-access.c
index 39e994afd7..ada4f8705c 100644
--- a/src/core/selinux-access.c
+++ b/src/core/selinux-access.c
@@ -112,7 +112,11 @@ _printf_(2, 3) static int log_callback(int type, const char *fmt, ...) {
                 va_end(ap);
 
                 if (r >= 0) {
-                        audit_log_user_avc_message(fd, AUDIT_USER_AVC, buf, NULL, NULL, NULL, 0);
+                        if (type == SELINUX_AVC)
+                                audit_log_user_avc_message(get_audit_fd(), AUDIT_USER_AVC, buf, NULL, NULL, NULL, 0);
+                        else if (type == SELINUX_ERROR)
+                                audit_log_user_avc_message(get_audit_fd(), AUDIT_USER_SELINUX_ERR, buf, NULL, NULL, NULL, 0);
+
                         return 0;
                 }
         }
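Review bot: The `return 0;` after the new `if`/`else if` chain is still unconditional, so a SELINUX_INFO or SELINUX_WARNING message now produces no record at all whenever the audit fd is open — it is neither sent to audit nor, as far as the hunk shows, allowed to reach whatever logging path follows the `#if HAVE_AUDIT` branch (the rest of log_callback lies outside the hunk, so that fallback is inferred). The commit message only argues against sending these types to audit, not against logging them, and silently discarding libselinux warnings makes SELinux misconfiguration harder to diagnose. Returning only after an audit message was actually emitted keeps the intended filtering while letting the other types fall through. Separately, the removed line used the local `fd`, which the 1-deletion diffstat shows is still declared; calling `get_audit_fd()` twice in the new lines re-resolves the descriptor needlessly and should just reuse `fd`.
```c
                if (r >= 0) {
                        if (type == SELINUX_AVC) {
                                audit_log_user_avc_message(fd, AUDIT_USER_AVC, buf, NULL, NULL, NULL, 0);
                                return 0;
                        }
                        if (type == SELINUX_ERROR) {
                                audit_log_user_avc_message(fd, AUDIT_USER_SELINUX_ERR, buf, NULL, NULL, NULL, 0);
                                return 0;
                        }
                        /* SELINUX_INFO / SELINUX_WARNING: not an audit event, fall through to regular logging */
                }
```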