diff options
author | Stephen Smalley <sds@tycho.nsa.gov> | 2005-05-20 19:15:52 -0400 |
---|---|---|
committer | David Woodhouse <dwmw2@shinybook.infradead.org> | 2005-05-20 19:15:52 -0400 |
commit | 011161051bbc25f7f8b7df059dbd934c534443f0 (patch) | |
tree | f1ca3727e4130cacad86dfdae65e7533fcb67784 /include/linux | |
parent | fb19b4c6aa024837a0071f07baa07dbf49d07151 (diff) |
AUDIT: Avoid sleeping function in SElinux AVC audit.
This patch changes the SELinux AVC to defer logging of paths to the audit
framework upon syscall exit, by saving a reference to the (dentry,vfsmount)
pair in an auxiliary audit item on the current audit context for processing
by audit_log_exit.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Diffstat (limited to 'include/linux')
-rw-r--r-- | include/linux/audit.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h index 17ea5d522d81..4b7caf0c6e10 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h | |||
@@ -69,6 +69,7 @@ | |||
69 | 69 | ||
70 | #define AUDIT_AVC 1400 /* SE Linux avc denial or grant */ | 70 | #define AUDIT_AVC 1400 /* SE Linux avc denial or grant */ |
71 | #define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */ | 71 | #define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */ |
72 | #define AUDIT_AVC_PATH 1402 /* dentry, vfsmount pair from avc */ | ||
72 | 73 | ||
73 | #define AUDIT_KERNEL 2000 /* Asynchronous audit record. NOT A REQUEST. */ | 74 | #define AUDIT_KERNEL 2000 /* Asynchronous audit record. NOT A REQUEST. */ |
74 | 75 | ||
@@ -225,6 +226,7 @@ extern uid_t audit_get_loginuid(struct audit_context *ctx); | |||
225 | extern int audit_ipc_perms(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode); | 226 | extern int audit_ipc_perms(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode); |
226 | extern int audit_socketcall(int nargs, unsigned long *args); | 227 | extern int audit_socketcall(int nargs, unsigned long *args); |
227 | extern int audit_sockaddr(int len, void *addr); | 228 | extern int audit_sockaddr(int len, void *addr); |
229 | extern int audit_avc_path(struct dentry *dentry, struct vfsmount *mnt); | ||
228 | extern void audit_signal_info(int sig, struct task_struct *t); | 230 | extern void audit_signal_info(int sig, struct task_struct *t); |
229 | #else | 231 | #else |
230 | #define audit_alloc(t) ({ 0; }) | 232 | #define audit_alloc(t) ({ 0; }) |
@@ -240,6 +242,7 @@ extern void audit_signal_info(int sig, struct task_struct *t); | |||
240 | #define audit_ipc_perms(q,u,g,m) ({ 0; }) | 242 | #define audit_ipc_perms(q,u,g,m) ({ 0; }) |
241 | #define audit_socketcall(n,a) ({ 0; }) | 243 | #define audit_socketcall(n,a) ({ 0; }) |
242 | #define audit_sockaddr(len, addr) ({ 0; }) | 244 | #define audit_sockaddr(len, addr) ({ 0; }) |
245 | #define audit_avc_path(dentry, mnt) ({ 0; }) | ||
243 | #define audit_signal_info(s,t) do { ; } while (0) | 246 | #define audit_signal_info(s,t) do { ; } while (0) |
244 | #endif | 247 | #endif |
245 | 248 | ||