authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>2011-06-26 23:18:58 +0900
committerJames Morris <jmorris@namei.org>2011-06-29 09:31:20 +1000
commiteadd99cc85347b4f9eb10122ac90032eb4971b02 (patch)
treefa6075ad4917422288222ee52bfcb66b7ed30a0e /security/tomoyo/mount.c
parentd5ca1725ac9ba876c2dd614bb9826d0c4e13d818 (diff)
TOMOYO: Add auditing interface.
Add /sys/kernel/security/tomoyo/audit interface. This interface generates audit logs in the form of domain policy so that /usr/sbin/tomoyo-auditd can reuse audit logs for appending to /sys/kernel/security/tomoyo/domain_policy interface. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/tomoyo/mount.c')
-rw-r--r--security/tomoyo/mount.c26
1 files changed, 4 insertions, 22 deletions
diff --git a/security/tomoyo/mount.c b/security/tomoyo/mount.c
index 1e610f96c99d..8ba28fda4727 100644
--- a/security/tomoyo/mount.c
+++ b/security/tomoyo/mount.c
@@ -27,29 +27,11 @@ static const char * const tomoyo_mounts[TOMOYO_MAX_SPECIAL_MOUNT] = {
*/
static int tomoyo_audit_mount_log(struct tomoyo_request_info *r)
{
- const char *dev = r->param.mount.dev->name;
- const char *dir = r->param.mount.dir->name;
- const char *type = r->param.mount.type->name;
- const unsigned long flags = r->param.mount.flags;
- if (r->granted)
- return 0;
- if (type == tomoyo_mounts[TOMOYO_MOUNT_REMOUNT])
- tomoyo_warn_log(r, "mount -o remount %s 0x%lX", dir, flags);
- else if (type == tomoyo_mounts[TOMOYO_MOUNT_BIND]
- || type == tomoyo_mounts[TOMOYO_MOUNT_MOVE])
- tomoyo_warn_log(r, "mount %s %s %s 0x%lX", type, dev, dir,
- flags);
- else if (type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_UNBINDABLE] ||
- type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_PRIVATE] ||
- type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_SLAVE] ||
- type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_SHARED])
- tomoyo_warn_log(r, "mount %s %s 0x%lX", type, dir, flags);
- else
- tomoyo_warn_log(r, "mount -t %s %s %s 0x%lX", type, dev, dir,
- flags);
- return tomoyo_supervisor(r, "allow_mount %s %s %s 0x%lX\n",
+ return tomoyo_supervisor(r, "file mount %s %s %s 0x%lX\n",
r->param.mount.dev->name,
- r->param.mount.dir->name, type, flags);
+ r->param.mount.dir->name,
+ r->param.mount.type->name,
+ r->param.mount.flags);
}
/**
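Review bot: With the `if (r->granted) return 0;` guard removed, tomoyo_audit_mount_log() now passes every request, granted or denied, to tomoyo_supervisor(), and this hunk does not show whether the supervisor returns 0 for granted requests the way the old code did. That should be confirmed in tomoyo_supervisor() and recorded in the kernel-doc block above the function (it starts outside the hunk), for example `Returns 0 on success, negative value otherwise; granted requests are also forwarded to tomoyo_supervisor() for audit logging.` Separately, the commit message says the emitted "file mount %s %s %s 0x%lX" line is meant to be appended back to domain_policy, so the three `->name` strings must not contain raw spaces or newlines. They are presumably already in TOMOYO's escaped path form when `r->param.mount` is filled in, but that code is not visible here and is worth a one-line comment at the call, such as `/* dev/dir/type names are policy-encoded by the caller */`.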