diff options
author | Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> | 2011-09-10 15:24:56 +0900 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2011-09-14 08:27:06 +1000 |
commit | 1f067a682a9bd252107ac6f6946b7332fde42344 (patch) | |
tree | 379bbbf02f0a802453e585a2a482192409308fbb /security/tomoyo/common.c | |
parent | 059d84dbb3897d4ee494a9c842c5dda54316cb47 (diff) | |
download | lwn-1f067a682a9bd252107ac6f6946b7332fde42344.tar.gz lwn-1f067a682a9bd252107ac6f6946b7332fde42344.zip |
TOMOYO: Allow controlling generation of access granted logs for per an entry basis.
Add per-entry flag which controls generation of grant logs because Xen and KVM
issues ioctl requests so frequently. For example,
file ioctl /dev/null 0x5401 grant_log=no
will suppress /sys/kernel/security/tomoyo/audit even if preference says
grant_log=yes .
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/tomoyo/common.c')
-rw-r--r-- | security/tomoyo/common.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c index 85d915587a71..2704c384bf1e 100644 --- a/security/tomoyo/common.c +++ b/security/tomoyo/common.c @@ -1272,6 +1272,10 @@ static bool tomoyo_print_condition(struct tomoyo_io_buffer *head, head->r.cond_step++; /* fall through */ case 3: + if (cond->grant_log != TOMOYO_GRANTLOG_AUTO) + tomoyo_io_printf(head, " grant_log=%s", + tomoyo_yesno(cond->grant_log == + TOMOYO_GRANTLOG_YES)); tomoyo_set_lf(head); return true; } |