diff options
| author | Steve Grubb <sgrubb@redhat.com> | 2006-01-04 09:08:39 -0500 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2006-03-20 14:08:54 -0500 |
| commit | af601e4623d0303bfafa54ec728b7ae8493a8e1b (patch) | |
| tree | 5f79d5ae42eeccfc1ffaf8e82a1999e4d3af793e /security/selinux/selinuxfs.c | |
| parent | d884596f44ef5a0bcd8a66405dc04902aeaa6fc7 (diff) | |
[PATCH] SE Linux audit events
Attached is a patch that hardwires important SE Linux events to the audit
system. Please Apply.
Signed-off-by: Steve Grubb <sgrubb@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Diffstat (limited to 'security/selinux/selinuxfs.c')
| -rw-r--r-- | security/selinux/selinuxfs.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index b5fa02d17b1e..5eba6664eac0 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c | |||
| @@ -21,6 +21,7 @@ | |||
| 21 | #include <linux/major.h> | 21 | #include <linux/major.h> |
| 22 | #include <linux/seq_file.h> | 22 | #include <linux/seq_file.h> |
| 23 | #include <linux/percpu.h> | 23 | #include <linux/percpu.h> |
| 24 | #include <linux/audit.h> | ||
| 24 | #include <asm/uaccess.h> | 25 | #include <asm/uaccess.h> |
| 25 | #include <asm/semaphore.h> | 26 | #include <asm/semaphore.h> |
| 26 | 27 | ||
| @@ -126,6 +127,10 @@ static ssize_t sel_write_enforce(struct file * file, const char __user * buf, | |||
| 126 | length = task_has_security(current, SECURITY__SETENFORCE); | 127 | length = task_has_security(current, SECURITY__SETENFORCE); |
| 127 | if (length) | 128 | if (length) |
| 128 | goto out; | 129 | goto out; |
| 130 | audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS, | ||
| 131 | "enforcing=%d old_enforcing=%d auid=%u", new_value, | ||
| 132 | selinux_enforcing, | ||
| 133 | audit_get_loginuid(current->audit_context)); | ||
| 129 | selinux_enforcing = new_value; | 134 | selinux_enforcing = new_value; |
| 130 | if (selinux_enforcing) | 135 | if (selinux_enforcing) |
| 131 | avc_ss_reset(0); | 136 | avc_ss_reset(0); |
| @@ -176,6 +181,9 @@ static ssize_t sel_write_disable(struct file * file, const char __user * buf, | |||
| 176 | length = selinux_disable(); | 181 | length = selinux_disable(); |
| 177 | if (length < 0) | 182 | if (length < 0) |
| 178 | goto out; | 183 | goto out; |
| 184 | audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS, | ||
| 185 | "selinux=0 auid=%u", | ||
| 186 | audit_get_loginuid(current->audit_context)); | ||
| 179 | } | 187 | } |
| 180 | 188 | ||
| 181 | length = count; | 189 | length = count; |
| @@ -261,6 +269,9 @@ static ssize_t sel_write_load(struct file * file, const char __user * buf, | |||
| 261 | length = ret; | 269 | length = ret; |
| 262 | else | 270 | else |
| 263 | length = count; | 271 | length = count; |
| 272 | audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD, | ||
| 273 | "policy loaded auid=%u", | ||
| 274 | audit_get_loginuid(current->audit_context)); | ||
| 264 | out: | 275 | out: |
| 265 | up(&sel_sem); | 276 | up(&sel_sem); |
| 266 | vfree(data); | 277 | vfree(data); |