aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorStephen Smalley <sds@tycho.nsa.gov>2005-05-20 19:15:52 -0400
committerDavid Woodhouse <dwmw2@shinybook.infradead.org>2005-05-20 19:15:52 -0400
commit011161051bbc25f7f8b7df059dbd934c534443f0 (patch)
treef1ca3727e4130cacad86dfdae65e7533fcb67784 /include
parentfb19b4c6aa024837a0071f07baa07dbf49d07151 (diff)
AUDIT: Avoid sleeping function in SElinux AVC audit.
This patch changes the SELinux AVC to defer logging of paths to the audit framework upon syscall exit, by saving a reference to the (dentry,vfsmount) pair in an auxiliary audit item on the current audit context for processing by audit_log_exit. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Diffstat (limited to 'include')
-rw-r--r--include/linux/audit.h3
1 files changed, 3 insertions, 0 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 17ea5d522d81..4b7caf0c6e10 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -69,6 +69,7 @@
69 69
70#define AUDIT_AVC 1400 /* SE Linux avc denial or grant */ 70#define AUDIT_AVC 1400 /* SE Linux avc denial or grant */
71#define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */ 71#define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */
72#define AUDIT_AVC_PATH 1402 /* dentry, vfsmount pair from avc */
72 73
73#define AUDIT_KERNEL 2000 /* Asynchronous audit record. NOT A REQUEST. */ 74#define AUDIT_KERNEL 2000 /* Asynchronous audit record. NOT A REQUEST. */
74 75
@@ -225,6 +226,7 @@ extern uid_t audit_get_loginuid(struct audit_context *ctx);
225extern int audit_ipc_perms(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode); 226extern int audit_ipc_perms(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode);
226extern int audit_socketcall(int nargs, unsigned long *args); 227extern int audit_socketcall(int nargs, unsigned long *args);
227extern int audit_sockaddr(int len, void *addr); 228extern int audit_sockaddr(int len, void *addr);
229extern int audit_avc_path(struct dentry *dentry, struct vfsmount *mnt);
228extern void audit_signal_info(int sig, struct task_struct *t); 230extern void audit_signal_info(int sig, struct task_struct *t);
229#else 231#else
230#define audit_alloc(t) ({ 0; }) 232#define audit_alloc(t) ({ 0; })
@@ -240,6 +242,7 @@ extern void audit_signal_info(int sig, struct task_struct *t);
240#define audit_ipc_perms(q,u,g,m) ({ 0; }) 242#define audit_ipc_perms(q,u,g,m) ({ 0; })
241#define audit_socketcall(n,a) ({ 0; }) 243#define audit_socketcall(n,a) ({ 0; })
242#define audit_sockaddr(len, addr) ({ 0; }) 244#define audit_sockaddr(len, addr) ({ 0; })
245#define audit_avc_path(dentry, mnt) ({ 0; })
243#define audit_signal_info(s,t) do { ; } while (0) 246#define audit_signal_info(s,t) do { ; } while (0)
244#endif 247#endif
245 248