Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Ahmed S. Darwish <darwish.07 <at> gmail.com>
Subject: [PATCH-v2 -mm 0/9] LSM-neutral Audit (SELinux audit separation)
Newsgroups: gmane.linux.kernel.lsm
Date: Saturday 1st March 2008 19:47:52 UTC (over 9 years ago)
Hi everybody,

A series of 9 patches to let Audit be LSM netural. This is done 
for proper future audit<->SMACK integration which will also be
useful for any future LSM.

Basically, patches add below new LSM hooks:

1- secid extraction:
inode_getsecid(inode, secid)
ipc_getsecid(ipcp, secid)

2- LSM-specific Audit rules manipulation:
audit_rule_init(field, op, rulestr, lsmrule)
audit_rule_known(krule)
audit_rule_match(secid, field, op, rule, actx)
audit_rule_free(rule)

and remove ,now redundant, equivalent SELinux exported interfaces.

Initial work and idea by: Casey Schaufler 
Thanks to Paul Moore  for his deep review of first
version.

 include/linux/audit.h            |   29 ++++++++
 include/linux/security.h         |  102 +++++++++++++++++++++++++++++
 include/linux/selinux.h          |  134
---------------------------------------
 kernel/audit.c                   |   24 ++----
 kernel/audit.h                   |   25 -------
 kernel/auditfilter.c             |   99 ++++++++++------------------
 kernel/auditsc.c                 |   74 +++++++++++----------
 net/netlink/af_netlink.c         |    3 +-
 security/dummy.c                 |   47 +++++++++++++
 security/security.c              |   35 ++++++++++
 security/selinux/exports.c       |   42 ------------
 security/selinux/hooks.c         |   27 +++++++
 security/selinux/include/audit.h |   65 ++++++++++++++++++
 security/selinux/ss/services.c   |   45 +++++++++----
 14 files changed, 420 insertions(+), 331 deletions(-)

Regards,

-- 

"Better to light a candle, than curse the darkness"

Ahmed S. Darwish
Homepage: http://darwish.07.googlepages.com
Blog: http://darwish-07.blogspot.com

--
To unsubscribe from this list: send the line "unsubscribe
linux-security-module" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
 
CD: 3ms