1. 01 Jul, 2006 4 commits
    • [PATCH] audit syscall classes · b915543b
      Al Viro authored
      Allow to tie upper bits of syscall bitmap in audit rules to kernel-defined
      sets of syscalls.  Infrastructure, a couple of classes (with 32bit counterparts
      for biarch targets) and actual tie-in on i386, amd64 and ia64.
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
    • [PATCH] audit: support for object context filters · 6e5a2d1d
      Darrel Goeddel authored
      This patch introduces object audit filters based on the elements
      of the SELinux context.
      Signed-off-by: Darrel Goeddel <dgoeddel@trustedcs.com>
      Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
      
       kernel/auditfilter.c           |   25 +++++++++++++++++++++++++
       kernel/auditsc.c               |   40 ++++++++++++++++++++++++++++++++++++++++
       security/selinux/ss/services.c |   18 +++++++++++++++++-
       3 files changed, 82 insertions(+), 1 deletion(-)
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
    • [PATCH] audit: rename AUDIT_SE_* constants · 3a6b9f85
      Darrel Goeddel authored
      This patch renames some audit constant definitions and adds
      additional definitions used by the following patch.  The renaming
      avoids ambiguity with respect to the new definitions.
      Signed-off-by: Darrel Goeddel <dgoeddel@trustedcs.com>
      
       include/linux/audit.h          |   15 ++++++++----
       kernel/auditfilter.c           |   50 ++++++++++++++++++++---------------------
       kernel/auditsc.c               |   10 ++++----
       security/selinux/ss/services.c |   32 +++++++++++++-------------
       4 files changed, 56 insertions(+), 51 deletions(-)
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
    • [PATCH] add rule filterkey · 5adc8a6a
      Amy Griffis authored
      Add support for a rule key, which can be used to tie audit records to audit
      rules.  This is useful when a watched file is accessed through a link or
      symlink, as well as for general audit log analysis.
      
      Because this patch uses a string key instead of an integer key, there is a bit
      of extra overhead to do the kstrdup() when a rule fires.  However, we're also
      allocating memory for the audit record buffer, so it's probably not that
      significant.  I went ahead with a string key because it seems more
      user-friendly.
      
      Note that the user must ensure that filterkeys are unique.  The kernel only
      checks for duplicate rules.
      Signed-off-by: Amy Griffis <amy.griffis@hpd.com>
  2. 30 Jun, 2006 36 commits