Merge branch 'audit.b3' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current

* 'audit.b3' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current: (22 commits) [PATCH] fix audit_init failure path [PATCH] EXPORT_SYMBOL patch for audit_log, audit_log_start, audit_log_end and audit_format [PATCH] sem2mutex: audit_netlink_sem [PATCH] simplify audit_free() locking [PATCH] Fix audit operators [PATCH] promiscuous mode [PATCH] Add tty to syscall audit records [PATCH] add/remove rule update [PATCH] audit string fields interface + consumer [PATCH] SE Linux audit events [PATCH] Minor cosmetic cleanups to the code moved into auditfilter.c [PATCH] Fix audit record filtering with !CONFIG_AUDITSYSCALL [PATCH] Fix IA64 success/failure indication in syscall auditing. [PATCH] Miscellaneous bug and warning fixes [PATCH] Capture selinux subject/object context information. [PATCH] Exclude messages by message type [PATCH] Collect more inode information during syscall processing. [PATCH] Pass dentry, not just name, in fsnotify creation hooks. [PATCH] Define new range of userspace messages. [PATCH] Filter rule comparators ... Fixed trivial conflict in security/selinux/hooks.c
author: Linus Torvalds <torvalds@g5.osdl.org> 2006-03-25 12:24:53 -0500
committer: Linus Torvalds <torvalds@g5.osdl.org> 2006-03-25 12:24:53 -0500
commit: 1b9a3917366028cc451a98dd22e3bcd537d4e5c1 (patch)
tree: d911058720e0a9aeeaf9f407ccdc6fbf4047f47d /security/selinux/selinuxfs.c
parent: 3661f00e2097676847deb01add1a0918044bd816 (diff)
parent: 71e1c784b24a026a490b3de01541fc5ee14ebc09 (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index f5d78365488f..a4efc966f065 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -22,6 +22,7 @@
 #include <linux/major.h>
 #include <linux/seq_file.h>
 #include <linux/percpu.h>
+#include <linux/audit.h>
 #include <asm/uaccess.h>
 #include <asm/semaphore.h>
@@ -127,6 +128,10 @@ static ssize_t sel_write_enforce(struct file * file, const char __user * buf,
                length = task_has_security(current, SECURITY__SETENFORCE);
                if (length)
                        goto out;
+                audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
+                        "enforcing=%d old_enforcing=%d auid=%u", new_value, 
+                        selinux_enforcing,
+                        audit_get_loginuid(current->audit_context));
                selinux_enforcing = new_value;
                if (selinux_enforcing)
                        avc_ss_reset(0);
@@ -177,6 +182,9 @@ static ssize_t sel_write_disable(struct file * file, const char __user * buf,
                length = selinux_disable();
                if (length < 0)
                        goto out;
+                audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
+                        "selinux=0 auid=%u",
+                        audit_get_loginuid(current->audit_context));
        }
        length = count;
@@ -262,6 +270,9 @@ static ssize_t sel_write_load(struct file * file, const char __user * buf,
                length = ret;
        else
                length = count;
+        audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
+                "policy loaded auid=%u",
+                audit_get_loginuid(current->audit_context));
 out:
        mutex_unlock(&sel_mutex);
        vfree(data);
author	Linus Torvalds <torvalds@g5.osdl.org>	2006-03-25 12:24:53 -0500
committer	Linus Torvalds <torvalds@g5.osdl.org>	2006-03-25 12:24:53 -0500
commit	1b9a3917366028cc451a98dd22e3bcd537d4e5c1 (patch)
tree	d911058720e0a9aeeaf9f407ccdc6fbf4047f47d /security/selinux/selinuxfs.c
parent	3661f00e2097676847deb01add1a0918044bd816 (diff)
parent	71e1c784b24a026a490b3de01541fc5ee14ebc09 (diff)