summaryrefslogtreecommitdiff
path: root/kernel/audit.c
diff options
context:
space:
mode:
authorDarrel Goeddel <dgoeddel@trustedcs.com>2006-03-10 18:14:06 -0600
committerAl Viro <viro@zeniv.linux.org.uk>2006-05-01 06:09:36 -0400
commit3dc7e3153eddfcf7ba8b50628775ba516e5f759f (patch)
tree926957e904739fc6c29e5125b7c1635b9f77548c /kernel/audit.c
parent376bd9cb357ec945ac893feaeb63af7370a6e70b (diff)
downloadlwn-3dc7e3153eddfcf7ba8b50628775ba516e5f759f.tar.gz
lwn-3dc7e3153eddfcf7ba8b50628775ba516e5f759f.zip
[PATCH] support for context based audit filtering, part 2
This patch provides the ability to filter audit messages based on the elements of the process' SELinux context (user, role, type, mls sensitivity, and mls clearance). It uses the new interfaces from selinux to opaquely store information related to the selinux context and to filter based on that information. It also uses the callback mechanism provided by selinux to refresh the information when a new policy is loaded. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'kernel/audit.c')
-rw-r--r--kernel/audit.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index c8ccbd09048f..9060be750c48 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -55,6 +55,9 @@
#include <net/netlink.h>
#include <linux/skbuff.h>
#include <linux/netlink.h>
+#include <linux/selinux.h>
+
+#include "audit.h"
/* No auditing will take place until audit_initialized != 0.
* (Initialization happens after skb_init is called.) */
@@ -564,6 +567,11 @@ static int __init audit_init(void)
skb_queue_head_init(&audit_skb_queue);
audit_initialized = 1;
audit_enabled = audit_default;
+
+ /* Register the callback with selinux. This callback will be invoked
+ * when a new policy is loaded. */
+ selinux_audit_set_callback(&selinux_audit_rule_update);
+
audit_log(NULL, GFP_KERNEL, AUDIT_KERNEL, "initialized");
return 0;
}