aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--security/selinux/selinuxfs.c14
1 files changed, 10 insertions, 4 deletions
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index 6128f5293056..ace893568b98 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -168,10 +168,12 @@ static ssize_t sel_write_enforce(struct file *file, const char __user *buf,
168 if (length) 168 if (length)
169 goto out; 169 goto out;
170 audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS, 170 audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
171 "enforcing=%d old_enforcing=%d auid=%u ses=%u", 171 "enforcing=%d old_enforcing=%d auid=%u ses=%u"
172 " enabled=%d old-enabled=%d lsm=selinux res=1",
172 new_value, old_value, 173 new_value, old_value,
173 from_kuid(&init_user_ns, audit_get_loginuid(current)), 174 from_kuid(&init_user_ns, audit_get_loginuid(current)),
174 audit_get_sessionid(current)); 175 audit_get_sessionid(current),
176 selinux_enabled, selinux_enabled);
175 enforcing_set(state, new_value); 177 enforcing_set(state, new_value);
176 if (new_value) 178 if (new_value)
177 avc_ss_reset(state->avc, 0); 179 avc_ss_reset(state->avc, 0);
@@ -279,6 +281,7 @@ static ssize_t sel_write_disable(struct file *file, const char __user *buf,
279 char *page; 281 char *page;
280 ssize_t length; 282 ssize_t length;
281 int new_value; 283 int new_value;
284 int enforcing;
282 285
283 if (count >= PAGE_SIZE) 286 if (count >= PAGE_SIZE)
284 return -ENOMEM; 287 return -ENOMEM;
@@ -296,13 +299,16 @@ static ssize_t sel_write_disable(struct file *file, const char __user *buf,
296 goto out; 299 goto out;
297 300
298 if (new_value) { 301 if (new_value) {
302 enforcing = enforcing_enabled(fsi->state);
299 length = selinux_disable(fsi->state); 303 length = selinux_disable(fsi->state);
300 if (length) 304 if (length)
301 goto out; 305 goto out;
302 audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS, 306 audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
303 "selinux=0 auid=%u ses=%u", 307 "enforcing=%d old_enforcing=%d auid=%u ses=%u"
308 " enabled=%d old-enabled=%d lsm=selinux res=1",
309 enforcing, enforcing,
304 from_kuid(&init_user_ns, audit_get_loginuid(current)), 310 from_kuid(&init_user_ns, audit_get_loginuid(current)),
305 audit_get_sessionid(current)); 311 audit_get_sessionid(current), 0, 1);
306 } 312 }
307 313
308 length = count; 314 length = count;
generated by cgit v1.2.2 (git 2.25.0) at 2025-12-31 06:18:18 -0500