summaryrefslogtreecommitdiff
path: root/security/tomoyo/common.h
diff options
context:
space:
mode:
authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>2011-09-10 10:24:56 +0400
committerJames Morris <jmorris@namei.org>2011-09-14 02:27:06 +0400
commit1f067a682a9bd252107ac6f6946b7332fde42344 (patch)
tree379bbbf02f0a802453e585a2a482192409308fbb /security/tomoyo/common.h
parent059d84dbb3897d4ee494a9c842c5dda54316cb47 (diff)
downloadlinux-1f067a682a9bd252107ac6f6946b7332fde42344.tar.xz
TOMOYO: Allow controlling generation of access granted logs for per an entry basis.
Add per-entry flag which controls generation of grant logs because Xen and KVM issues ioctl requests so frequently. For example, file ioctl /dev/null 0x5401 grant_log=no will suppress /sys/kernel/security/tomoyo/audit even if preference says grant_log=yes . Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/tomoyo/common.h')
-rw-r--r--security/tomoyo/common.h12
1 files changed, 12 insertions, 0 deletions
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index d1c758e7f92b..435b3d869fc5 100644
--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -179,6 +179,16 @@ enum tomoyo_domain_info_flags_index {
TOMOYO_MAX_DOMAIN_INFO_FLAGS
};
+/* Index numbers for audit type. */
+enum tomoyo_grant_log {
+ /* Follow profile's configuration. */
+ TOMOYO_GRANTLOG_AUTO,
+ /* Do not generate grant log. */
+ TOMOYO_GRANTLOG_NO,
+ /* Generate grant_log. */
+ TOMOYO_GRANTLOG_YES,
+};
+
/* Index numbers for group entries. */
enum tomoyo_group_id {
TOMOYO_PATH_GROUP,
@@ -471,6 +481,7 @@ struct tomoyo_request_info {
int need_dev;
} mount;
} param;
+ struct tomoyo_acl_info *matched_acl;
u8 param_type;
bool granted;
u8 retry;
@@ -635,6 +646,7 @@ struct tomoyo_condition {
u16 names_count; /* Number of "struct tomoyo_name_union names". */
u16 argc; /* Number of "struct tomoyo_argv". */
u16 envc; /* Number of "struct tomoyo_envp". */
+ u8 grant_log; /* One of values in "enum tomoyo_grant_log". */
/*
* struct tomoyo_condition_element condition[condc];
* struct tomoyo_number_union values[numbers_count];