aboutsummaryrefslogtreecommitdiffstats
path: root/kernel
diff options
context:
space:
mode:
authorMiloslav Trmac <mitr@redhat.com>2010-09-16 18:14:11 -0400
committerAl Viro <viro@zeniv.linux.org.uk>2010-10-30 01:41:57 -0400
commitd29be158a68254f58cf1fbf60ce1e89557a321aa (patch)
treecd42581516bc189c2e1d83b15fad984c7001561c /kernel
parent2d10d8737ccdba752d60106abbc6ed4f37404923 (diff)
Audit: add support to match lsm labels on user audit messages
Add support for matching by security label (e.g. SELinux context) of the sender of an user-space audit record. The audit filter code already allows user space to configure such filters, but they were ignored during evaluation. This patch implements evaluation of these filters. For example, after application of this patch, PAM authentication logs caused by cron can be disabled using auditctl -a user,never -F subj_type=crond_t Signed-off-by: Miloslav Trmac <mitr@redhat.com> Acked-by: Eric Paris <eparis@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'kernel')
-rw-r--r--kernel/auditfilter.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index eb7675499fb..add2819af71 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -1252,6 +1252,18 @@ static int audit_filter_user_rules(struct netlink_skb_parms *cb,
1252 case AUDIT_LOGINUID: 1252 case AUDIT_LOGINUID:
1253 result = audit_comparator(cb->loginuid, f->op, f->val); 1253 result = audit_comparator(cb->loginuid, f->op, f->val);
1254 break; 1254 break;
1255 case AUDIT_SUBJ_USER:
1256 case AUDIT_SUBJ_ROLE:
1257 case AUDIT_SUBJ_TYPE:
1258 case AUDIT_SUBJ_SEN:
1259 case AUDIT_SUBJ_CLR:
1260 if (f->lsm_rule)
1261 result = security_audit_rule_match(cb->sid,
1262 f->type,
1263 f->op,
1264 f->lsm_rule,
1265 NULL);
1266 break;
1255 } 1267 }
1256 1268
1257 if (!result) 1269 if (!result)
generated by cgit v1.2.2 (git 2.25.0) at 2024-10-15 15:26:06 -0400