linux-toradex.git/include/linux/audit.h, branch v2.6.18.8 Linux kernel for Apalis and Colibri modules [PATCH] audit: AUDIT_PERM support 2006-09-11T17:32:30+00:00 Al Viro viro@zeniv.linux.org.uk 2006-08-31T23:26:40+00:00 55669bfa141b488be865341ed12e188967d11308 add support for AUDIT_PERM predicate Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 
add support for AUDIT_PERM predicate

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
[PATCH] audit: more syscall classes added 2006-09-11T17:32:27+00:00 Al Viro viro@zeniv.linux.org.uk 2006-08-31T23:05:56+00:00 dc104fb3231f11e95b5a0f09ae3ab27a8fd5b2e8 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
[PATCH] don't bother with aux entires for dummy context 2006-08-03T14:59:42+00:00 Al Viro viro@zeniv.linux.org.uk 2006-07-16T10:38:45+00:00 5ac3a9c26c1cc4861d9cdd8b293fecbfcdc81afe Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
[PATCH] mark context of syscall entered with no rules as dummy 2006-08-03T14:59:26+00:00 Al Viro viro@zeniv.linux.org.uk 2006-08-03T14:59:26+00:00 d51374adf5f2f88155a072d3d801104e3c0c3d7f Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
[PATCH] introduce audit rules counter 2006-08-03T14:55:18+00:00 Al Viro viro@zeniv.linux.org.uk 2006-07-10T12:29:24+00:00 471a5c7c839114cc8b55876203aeb2817c33e3c5 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
[PATCH] fix missed create event for directory audit 2006-08-03T14:50:30+00:00 Amy Griffis amy.griffis@hp.com 2006-07-13T17:16:39+00:00 73d3ec5abad3f1730ac8530899d2c14d92f3ad63 When an object is created via a symlink into an audited directory, audit misses the event due to not having collected the inode data for the directory. Modify __audit_inode_child() to copy the parent inode data if a parent wasn't found in audit_names[]. Signed-off-by: Amy Griffis <amy.griffis@hp.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 
When an object is created via a symlink into an audited directory, audit misses
the event due to not having collected the inode data for the directory.  Modify
__audit_inode_child() to copy the parent inode data if a parent wasn't found in
audit_names[].

Signed-off-by: Amy Griffis <amy.griffis@hp.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
[PATCH] fix faulty inode data collection for open() with O_CREAT 2006-08-03T14:50:21+00:00 Amy Griffis amy.griffis@hp.com 2006-07-13T17:16:02+00:00 3e2efce067cec0099f99ae59f28feda99b02b498 When the specified path is an existing file or when it is a symlink, audit collects the wrong inode number, which causes it to miss the open() event. Adding a second hook to the open() path fixes this. Also add audit_copy_inode() to consolidate some code. Signed-off-by: Amy Griffis <amy.griffis@hp.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 
When the specified path is an existing file or when it is a symlink, audit
collects the wrong inode number, which causes it to miss the open() event.
Adding a second hook to the open() path fixes this.

Also add audit_copy_inode() to consolidate some code.

Signed-off-by: Amy Griffis <amy.griffis@hp.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
[PATCH] audit syscall classes 2006-07-01T11:44:10+00:00 Al Viro viro@zeniv.linux.org.uk 2006-07-01T07:56:16+00:00 b915543b46a2aa599fdd2169e51bcfd88812a12b Allow to tie upper bits of syscall bitmap in audit rules to kernel-defined sets of syscalls. Infrastructure, a couple of classes (with 32bit counterparts for biarch targets) and actual tie-in on i386, amd64 and ia64. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 
Allow to tie upper bits of syscall bitmap in audit rules to kernel-defined
sets of syscalls.  Infrastructure, a couple of classes (with 32bit counterparts
for biarch targets) and actual tie-in on i386, amd64 and ia64.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
[PATCH] audit: rename AUDIT_SE_* constants 2006-07-01T09:44:08+00:00 Darrel Goeddel dgoeddel@trustedcs.com 2006-06-29T21:56:39+00:00 3a6b9f85c641a3b89420b0c8150ed377526a1fe1 This patch renames some audit constant definitions and adds additional definitions used by the following patch. The renaming avoids ambiguity with respect to the new definitions. Signed-off-by: Darrel Goeddel <dgoeddel@trustedcs.com> include/linux/audit.h | 15 ++++++++---- kernel/auditfilter.c | 50 ++++++++++++++++++++--------------------- kernel/auditsc.c | 10 ++++---- security/selinux/ss/services.c | 32 +++++++++++++------------- 4 files changed, 56 insertions(+), 51 deletions(-) Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 
This patch renames some audit constant definitions and adds
additional definitions used by the following patch.  The renaming
avoids ambiguity with respect to the new definitions.

Signed-off-by: Darrel Goeddel <dgoeddel@trustedcs.com>

 include/linux/audit.h          |   15 ++++++++----
 kernel/auditfilter.c           |   50 ++++++++++++++++++++---------------------
 kernel/auditsc.c               |   10 ++++----
 security/selinux/ss/services.c |   32 +++++++++++++-------------
 4 files changed, 56 insertions(+), 51 deletions(-)
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
[PATCH] add rule filterkey 2006-07-01T09:43:06+00:00 Amy Griffis amy.griffis@hp.com 2006-06-14T22:45:21+00:00 5adc8a6adc91c4c85a64c75a70a619fffc924817 Add support for a rule key, which can be used to tie audit records to audit rules. This is useful when a watched file is accessed through a link or symlink, as well as for general audit log analysis. Because this patch uses a string key instead of an integer key, there is a bit of extra overhead to do the kstrdup() when a rule fires. However, we're also allocating memory for the audit record buffer, so it's probably not that significant. I went ahead with a string key because it seems more user-friendly. Note that the user must ensure that filterkeys are unique. The kernel only checks for duplicate rules. Signed-off-by: Amy Griffis <amy.griffis@hpd.com> 
Add support for a rule key, which can be used to tie audit records to audit
rules.  This is useful when a watched file is accessed through a link or
symlink, as well as for general audit log analysis.

Because this patch uses a string key instead of an integer key, there is a bit
of extra overhead to do the kstrdup() when a rule fires.  However, we're also
allocating memory for the audit record buffer, so it's probably not that
significant.  I went ahead with a string key because it seems more
user-friendly.

Note that the user must ensure that filterkeys are unique.  The kernel only
checks for duplicate rules.

Signed-off-by: Amy Griffis <amy.griffis@hpd.com>