Subject: [PATCH-v2 -mm 0/9] LSM-neutral Audit (SELinux audit separation)
Newsgroups: gmane.linux.kernel.lsm, gmane.linux.kernel, gmane.linux.redhat.security.audit
Date: 2008-03-01 19:47:52 GMT

Hi everybody,

A series of 9 patches to let Audit be LSM neutral. This is done for proper
future audit<->SMACK integration which will also be useful for any future LSM.

Basically, patches add below new LSM hooks:

1- secid extraction:
   inode_getsecid(inode, secid)
   ipc_getsecid(ipcp, secid)

2- LSM-specific Audit rules manipulation:
   audit_rule_init(field, op, rulestr, lsmrule)
   audit_rule_known(krule)
   audit_rule_match(secid, field, op, rule, actx)
   audit_rule_free(rule)

and remove, now redundant, equivalent SELinux exported interfaces.

Initial work and idea by: Casey Schaufler <casey <at> schaufler-ca.com>

Thanks to Paul Moore <paul.moore <at> hp.com> for his deep review of first version.

 include/linux/audit.h            |   29 ++++++++
 include/linux/security.h         |  102 +++++++++++++++++++++++++++++
 include/linux/selinux.h          |  134 ---------------------------------------
 kernel/audit.c                   |   24 ++----
 kernel/audit.h                   |   25 -------
 kernel/auditfilter.c             |   99 ++++++++++------------------
 kernel/auditsc.c                 |   74 +++++++++++----------
 net/netlink/af_netlink.c         |    3 +-
 security/dummy.c                 |   47 +++++++++++++
 security/security.c              |   35 ++++++++++
 security/selinux/exports.c       |   42 ------------
 security/selinux/hooks.c         |   27 +++++++
 security/selinux/include/audit.h |   65 ++++++++++++++++++
 security/selinux/ss/services.c   |   45 +++++++++----
 14 files changed, 420 insertions(+), 331 deletions(-)

Regards,

--
"Better to light a candle, than curse the darkness"

Ahmed S. Darwish
Homepage: http://darwish.07.googlepages.com
Blog: http://darwish-07.blogspot.com
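
The hook indirection this cover letter describes, as an added example that is not part of the original message or of the patch series: a userspace C model in which the audit side reaches the active LSM only through an ops table. The struct, the field and operator ids, the toy label LSM and the fallback behaviour are assumptions made for illustration; audit_rule_known is left out.

```c
/* Added example: userspace model; types, ids and the toy LSM are hypothetical. */
#include <stdlib.h>
#include <string.h>

typedef unsigned int u32;
enum { FIELD_LABEL = 1 };  /* hypothetical audit field id */
enum { OP_EQ, OP_NE };     /* hypothetical comparison operators */

struct lsm_audit_ops {     /* the only interface the audit side sees */
    int  (*audit_rule_init)(u32 field, u32 op, const char *rulestr, void **lsmrule);
    int  (*audit_rule_match)(u32 secid, u32 field, u32 op, void *lsmrule, void *actx);
    void (*audit_rule_free)(void *lsmrule);
};

/* No LSM loaded: rules load, nothing matches (assumed fallback behaviour). */
static int dummy_init(u32 f, u32 o, const char *s, void **r) { (void)f; (void)o; (void)s; *r = NULL; return 0; }
static int dummy_match(u32 s, u32 f, u32 o, void *r, void *a) { (void)s; (void)f; (void)o; (void)r; (void)a; return 0; }
static void dummy_free(void *r) { (void)r; }
static const struct lsm_audit_ops dummy_ops = { dummy_init, dummy_match, dummy_free };

/* Toy LSM: a secid indexes a label table; a rule is a private copy of rulestr. */
static const char *const toy_labels[] = { "unlabeled", "web", "db" };
static int toy_init(u32 field, u32 op, const char *rulestr, void **lsmrule) {
    *lsmrule = NULL;
    if (field != FIELD_LABEL || (op != OP_EQ && op != OP_NE) || !rulestr) return -1;
    size_t n = strlen(rulestr) + 1;
    if (!(*lsmrule = malloc(n))) return -1;
    memcpy(*lsmrule, rulestr, n);
    return 0;
}
static int toy_match(u32 secid, u32 field, u32 op, void *lsmrule, void *actx) {
    (void)actx;  /* audit context is unused in this model */
    if (!lsmrule || field != FIELD_LABEL || secid >= (sizeof(toy_labels) / sizeof(*toy_labels))) return -1;
    int eq = strcmp(toy_labels[secid], (const char *)lsmrule) == 0;
    return op == OP_EQ ? eq : !eq;
}
static void toy_free(void *lsmrule) { free(lsmrule); }
static const struct lsm_audit_ops toy_ops = { toy_init, toy_match, toy_free };

/* Audit side: names no LSM. Returns 1 = match, 0 = no match, <0 = rejected. */
int audit_filter_secid(const struct lsm_audit_ops *ops, u32 secid, u32 op, const char *rulestr) {
    void *rule = NULL;
    int rc = ops->audit_rule_init(FIELD_LABEL, op, rulestr, &rule);
    if (rc == 0) {
        rc = ops->audit_rule_match(secid, FIELD_LABEL, op, rule, NULL);
        ops->audit_rule_free(rule);  /* the rule's memory belongs to the LSM */
    }
    return rc;
}

int main(void) { return audit_filter_secid(&toy_ops, 1, OP_EQ, "web") == 1 ? 0 : 1; }
```

Swapping `toy_ops` for `dummy_ops` changes the result without touching `audit_filter_secid`, which is the separation the series aims for between the audit code and SELinux.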