Commit 3035c51e authored by Eric Paris's avatar Eric Paris Committed by Al Viro
Browse files

audit: drop the meaningless and format breaking word 'user' 



userspace audit messages look like so:

type=USER msg=audit(1271170549.415:24710): user pid=14722 uid=0 auid=500 ses=1 subj=unconfined_u:unconfined_r:auditctl_t:s0-s0:c0.c1023 msg=''

That third field just says 'user'.  That's useless and doesn't follow the
key=value pair we are trying to enforce.  We already know it came from the
user based on the record type.  Kill that word.  Die.

Signed-off-by: default avatarEric Paris <eparis@redhat.com>
parent 5195d8e2

kernel/audit.c

+1 −1
Original line number Diff line number Diff line
@@ -631,7 +631,7 @@ static int audit_log_common_recv_msg(struct audit_buffer **ab, u16 msg_type, 
	}



	*ab = audit_log_start(NULL, GFP_KERNEL, msg_type);

	audit_log_format(*ab, "user pid=%d uid=%u auid=%u ses=%u",

	audit_log_format(*ab, "pid=%d uid=%u auid=%u ses=%u",

			 pid, uid, auid, ses);

	if (sid) {

		rc = security_secid_to_secctx(sid, &ctx, &len);

CRA Git | Maintained and supported by SUSTech CRA and CCSE