diff options
author | Steve Grubb <sgrubb@redhat.com> | 2006-01-04 17:08:39 +0300 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2006-03-20 22:08:54 +0300 |
commit | af601e4623d0303bfafa54ec728b7ae8493a8e1b (patch) | |
tree | 5f79d5ae42eeccfc1ffaf8e82a1999e4d3af793e /security/selinux/selinuxfs.c | |
parent | d884596f44ef5a0bcd8a66405dc04902aeaa6fc7 (diff) | |
download | linux-af601e4623d0303bfafa54ec728b7ae8493a8e1b.tar.xz |
[PATCH] SE Linux audit events
Attached is a patch that hardwires important SE Linux events to the audit
system. Please Apply.
Signed-off-by: Steve Grubb <sgrubb@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Diffstat (limited to 'security/selinux/selinuxfs.c')
-rw-r--r-- | security/selinux/selinuxfs.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index b5fa02d17b1e..5eba6664eac0 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -21,6 +21,7 @@ #include <linux/major.h> #include <linux/seq_file.h> #include <linux/percpu.h> +#include <linux/audit.h> #include <asm/uaccess.h> #include <asm/semaphore.h> @@ -126,6 +127,10 @@ static ssize_t sel_write_enforce(struct file * file, const char __user * buf, length = task_has_security(current, SECURITY__SETENFORCE); if (length) goto out; + audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS, + "enforcing=%d old_enforcing=%d auid=%u", new_value, + selinux_enforcing, + audit_get_loginuid(current->audit_context)); selinux_enforcing = new_value; if (selinux_enforcing) avc_ss_reset(0); @@ -176,6 +181,9 @@ static ssize_t sel_write_disable(struct file * file, const char __user * buf, length = selinux_disable(); if (length < 0) goto out; + audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS, + "selinux=0 auid=%u", + audit_get_loginuid(current->audit_context)); } length = count; @@ -261,6 +269,9 @@ static ssize_t sel_write_load(struct file * file, const char __user * buf, length = ret; else length = count; + audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD, + "policy loaded auid=%u", + audit_get_loginuid(current->audit_context)); out: up(&sel_sem); vfree(data); |