diff options
author | Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> | 2011-06-26 23:18:58 +0900 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2011-06-29 09:31:20 +1000 |
commit | eadd99cc85347b4f9eb10122ac90032eb4971b02 (patch) | |
tree | fa6075ad4917422288222ee52bfcb66b7ed30a0e /security/tomoyo/mount.c | |
parent | d5ca1725ac9ba876c2dd614bb9826d0c4e13d818 (diff) |
TOMOYO: Add auditing interface.
Add /sys/kernel/security/tomoyo/audit interface. This interface generates audit
logs in the form of domain policy so that /usr/sbin/tomoyo-auditd can reuse
audit logs for appending to /sys/kernel/security/tomoyo/domain_policy
interface.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/tomoyo/mount.c')
-rw-r--r-- | security/tomoyo/mount.c | 26 |
1 files changed, 4 insertions, 22 deletions
diff --git a/security/tomoyo/mount.c b/security/tomoyo/mount.c index 1e610f96c99d..8ba28fda4727 100644 --- a/security/tomoyo/mount.c +++ b/security/tomoyo/mount.c @@ -27,29 +27,11 @@ static const char * const tomoyo_mounts[TOMOYO_MAX_SPECIAL_MOUNT] = { */ static int tomoyo_audit_mount_log(struct tomoyo_request_info *r) { - const char *dev = r->param.mount.dev->name; - const char *dir = r->param.mount.dir->name; - const char *type = r->param.mount.type->name; - const unsigned long flags = r->param.mount.flags; - if (r->granted) - return 0; - if (type == tomoyo_mounts[TOMOYO_MOUNT_REMOUNT]) - tomoyo_warn_log(r, "mount -o remount %s 0x%lX", dir, flags); - else if (type == tomoyo_mounts[TOMOYO_MOUNT_BIND] - || type == tomoyo_mounts[TOMOYO_MOUNT_MOVE]) - tomoyo_warn_log(r, "mount %s %s %s 0x%lX", type, dev, dir, - flags); - else if (type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_UNBINDABLE] || - type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_PRIVATE] || - type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_SLAVE] || - type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_SHARED]) - tomoyo_warn_log(r, "mount %s %s 0x%lX", type, dir, flags); - else - tomoyo_warn_log(r, "mount -t %s %s %s 0x%lX", type, dev, dir, - flags); - return tomoyo_supervisor(r, "allow_mount %s %s %s 0x%lX\n", + return tomoyo_supervisor(r, "file mount %s %s %s 0x%lX\n", r->param.mount.dev->name, - r->param.mount.dir->name, type, flags); + r->param.mount.dir->name, + r->param.mount.type->name, + r->param.mount.flags); } /** |