author | Paul Moore <paul.moore@hp.com> | 2006-09-28 17:51:47 -0400 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2006-09-28 21:03:09 -0400 |
commit | 32f50cdee666333168b5203c7864bede159f789e (patch) | |
tree | c4989cc2521551714f656d60f6b895232ffdeda6 /net/ipv4 | |
parent | 8ea333eb5da3e3219f570220c56bca09f6f4d25a (diff) |
[NetLabel]: add audit support for configuration changes
This patch adds audit support to NetLabel, including six new audit message
types shown below.
#define AUDIT_MAC_UNLBL_ACCEPT 1406
#define AUDIT_MAC_UNLBL_DENY 1407
#define AUDIT_MAC_CIPSOV4_ADD 1408
#define AUDIT_MAC_CIPSOV4_DEL 1409
#define AUDIT_MAC_MAP_ADD 1410
#define AUDIT_MAC_MAP_DEL 1411
Signed-off-by: Paul Moore <paul.moore@hp.com>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4')
-rw-r--r-- | net/ipv4/cipso_ipv4.c | 8 |
1 files changed, 6 insertions, 2 deletions
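--- a/net/ipv4/cipso_ipv4.c
+++ b/net/ipv4/cipso_ipv4.c
@@ -474,6 +474,7 @@ doi_add_failure_rlock:
 /**
 * cipso_v4_doi_remove - Remove an existing DOI from the CIPSO protocol engine
 * @doi: the DOI value
+* @audit_secid: the LSM secid to use in the audit message
 * @callback: the DOI cleanup/free callback
 *
 * Description:
@@ -483,7 +484,9 @@ doi_add_failure_rlock:
 * success and negative values on failure.
 *
 */
-int cipso_v4_doi_remove(u32 doi, void (*callback) (struct rcu_head * head))
+int cipso_v4_doi_remove(u32 doi,
+u32 audit_secid,
+void (*callback) (struct rcu_head * head))
 {
 struct cipso_v4_doi *doi_def;
 struct cipso_v4_domhsh_entry *dom_iter;
@@ -502,7 +505,8 @@ int cipso_v4_doi_remove(u32 doi, void (*callback) (struct rcu_head * head))
 spin_unlock(&cipso_v4_doi_list_lock);
 list_for_each_entry_rcu(dom_iter, &doi_def->dom_list, list)
 if (dom_iter->valid)
-netlbl_domhsh_remove(dom_iter->domain);
+netlbl_domhsh_remove(dom_iter->domain,
+audit_secid);
 cipso_v4_cache_invalidate();
 rcu_read_unlock();
 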
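Review bot: The result of `netlbl_domhsh_remove(dom_iter->domain, audit_secid)` in the third hunk is discarded, so a domain mapping that could not be removed never reaches the caller of cipso_v4_doi_remove, whose kernel-doc promises "negative values on failure". Since this path now feeds the audit trail, it is worth stating in the Description whether per-mapping failures are expected to appear only in the helper's own audit record (assuming it emits one) or should also affect this function's return value. The `@audit_secid` line would be clearer if it said whose secid is expected and that it is only forwarded here, e.g. `@audit_secid: LSM secid of the requester, passed to netlbl_domhsh_remove() for each valid mapping` (the "requester" part is inferred and should be confirmed against the callers). As a style point, the call now spans two lines under an unbraced `if` inside an unbraced `list_for_each_entry_rcu`, so braces around the loop body would make the nesting unambiguous. The function body begins and ends outside the visible hunks, so the DOI-level audit record may be emitted elsewhere.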