IMA: drop the word integrity in the audit message
Eric Paris [Tue, 20 Apr 2010 14:21:36 +0000 (10:21 -0400)]
integrity_audit_msg() uses "integrity:" in the audit message.  This
violates the (loosely defined) audit system requirements that everything be
a key=value pair and it doesn't provide additional information.  This can
be obviously gleaned from the message type.  Just drop it.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>

security/integrity/ima/ima_audit.c

index ff513ff..fcb1f71 100644 (file)
@@ -40,7 +40,7 @@ void integrity_audit_msg(int audit_msgno, struct inode *inode,
                return;
 
        ab = audit_log_start(current->audit_context, GFP_KERNEL, audit_msgno);
-       audit_log_format(ab, "integrity: pid=%d uid=%u auid=%u ses=%u",
+       audit_log_format(ab, "pid=%d uid=%u auid=%u ses=%u",
                         current->pid, current_cred()->uid,
                         audit_get_loginuid(current),
                         audit_get_sessionid(current));