Audit: new auditing message is print, when the user isn't allowed

author mmaslano <mmaslano@redhat.com>

Fri, 24 Aug 2007 06:15:53 +0000 (08:15 +0200)

committer Tomas Janousek <tomi@nomi.cz>

Mon, 27 Aug 2007 14:03:54 +0000 (16:03 +0200)
author mmaslano <mmaslano@redhat.com>
Fri, 24 Aug 2007 06:15:53 +0000 (08:15 +0200)
committer Tomas Janousek <tomi@nomi.cz>
Mon, 27 Aug 2007 14:03:54 +0000 (16:03 +0200)
diff --git a/security.c b/security.c

index 1a122414b1a4da119748aa2d617b6443d5911cbe..a57402c7a52acdcf51559286a26ab4d46ade79db 100644 (file)
--- a/security.c
+++ b/security.c
@@ -29,6 +29,12 @@
  #include <selinux/get_context_list.h>
  #endif
  
+#ifdef WITH_AUDIT
+#include <libaudit.h>
+#define _GNU_SOURCE
+#include <stdio.h>
+#endif
+
  static char ** build_env(char **cronenv);
  
  #ifdef WITH_SELINUX
@@ -483,6 +489,15 @@ static int cron_change_selinux_range( user *u,
                 {
                         if ( security_getenforce() > 0 ) 
                         {
+#ifdef WITH_AUDIT
+                               char *msg = NULL;
+                               if (asprintf(&msg, "cron: Unauthorized MLS range acct=%s new_scontext=%s old_scontext=%s",  u->name, (char*)ucontext, u->scontext) >= 0) {
+                                       int audit_fd = audit_open();
+                                       audit_log_user_message(audit_fd, AUDIT_USER_ROLE_CHANGE, msg, NULL, NULL, NULL, 0);
+                                       close(audit_fd);
+                               }
+                               free(msg);
+#endif
                                 syslog(LOG_ERR,
                                        "CRON (%s) ERROR:"
                                        "Unauthorized range %s in MLS_LEVEL for user %s ",
author	mmaslano <mmaslano@redhat.com>
	Fri, 24 Aug 2007 06:15:53 +0000 (08:15 +0200)
committer	Tomas Janousek <tomi@nomi.cz>
	Mon, 27 Aug 2007 14:03:54 +0000 (16:03 +0200)