authorPaul Moore <paul.moore@hp.com>2006-09-28 17:51:47 -0400
committerDavid S. Miller <davem@sunset.davemloft.net>2006-09-28 21:03:09 -0400
commit32f50cdee666333168b5203c7864bede159f789e (patch)
treec4989cc2521551714f656d60f6b895232ffdeda6 /net/ipv4
parent8ea333eb5da3e3219f570220c56bca09f6f4d25a (diff)
[NetLabel]: add audit support for configuration changes
This patch adds audit support to NetLabel, including six new audit message types shown below. #define AUDIT_MAC_UNLBL_ACCEPT 1406 #define AUDIT_MAC_UNLBL_DENY 1407 #define AUDIT_MAC_CIPSOV4_ADD 1408 #define AUDIT_MAC_CIPSOV4_DEL 1409 #define AUDIT_MAC_MAP_ADD 1410 #define AUDIT_MAC_MAP_DEL 1411 Signed-off-by: Paul Moore <paul.moore@hp.com> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4')
-rw-r--r--net/ipv4/cipso_ipv4.c8
1 files changed, 6 insertions, 2 deletions
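--- a/net/ipv4/cipso_ipv4.c
+++ b/net/ipv4/cipso_ipv4.c
@@ -474,6 +474,7 @@ doi_add_failure_rlock:
 /**
  * cipso_v4_doi_remove - Remove an existing DOI from the CIPSO protocol engine
  * @doi: the DOI value
+ * @audit_secid: the LSM secid to use in the audit message
  * @callback: the DOI cleanup/free callback
  *
  * Description:
@@ -483,7 +484,9 @@ doi_add_failure_rlock:
  * success and negative values on failure.
  *
  */
-int cipso_v4_doi_remove(u32 doi, void (*callback) (struct rcu_head * head))
+int cipso_v4_doi_remove(u32 doi,
+ u32 audit_secid,
+ void (*callback) (struct rcu_head * head))
 {
  struct cipso_v4_doi *doi_def;
  struct cipso_v4_domhsh_entry *dom_iter;
@@ -502,7 +505,8 @@ int cipso_v4_doi_remove(u32 doi, void (*callback) (struct rcu_head * head))
  spin_unlock(&cipso_v4_doi_list_lock);
  list_for_each_entry_rcu(dom_iter, &doi_def->dom_list, list)
  if (dom_iter->valid)
- netlbl_domhsh_remove(dom_iter->domain);
+ netlbl_domhsh_remove(dom_iter->domain,
+ audit_secid);
  cipso_v4_cache_invalidate();
  rcu_read_unlock();
 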
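Review bot: In the last hunk `audit_secid` is only forwarded to `netlbl_domhsh_remove()` inside the loop over valid domain mappings, so as far as these lines show, removing a DOI that has no valid mappings, or failing before the loop is reached, produces no audit record from this function. If the DOI-level record (the description lists AUDIT_MAC_CIPSOV4_DEL) is meant to be emitted by the caller, the kerneldoc should say so, for example `@audit_secid: the LSM secid to use in the audit messages for the domain mappings removed here; the caller audits the DOI removal itself`. The return value of `netlbl_domhsh_remove()` is still discarded, so whether a failed mapping removal is logged depends entirely on the callee. The new parameter also sits directly after `u32 doi`, and a call site that swaps the two `u32` arguments still compiles; the callers lie outside this diffstat and are worth checking. The body of `cipso_v4_doi_remove` continues outside the hunks shown.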