-
- Downloads
[PATCH] support for context based audit filtering
The following patch provides selinux interfaces that will allow the audit system to perform filtering based on the process context (user, role, type, sensitivity, and clearance). These interfaces will allow the selinux module to perform efficient matches based on lower level selinux constructs, rather than relying on context retrievals and string comparisons within the audit module. It also allows for dominance checks on the mls portion of the contexts that are impossible with only string comparisons. Signed-off-by:Darrel Goeddel <dgoeddel@trustedcs.com> Signed-off-by:
Al Viro <viro@zeniv.linux.org.uk>
Showing
- include/linux/audit.h 5 additions, 0 deletionsinclude/linux/audit.h
- include/linux/selinux.h 112 additions, 0 deletionsinclude/linux/selinux.h
- security/selinux/Makefile 1 addition, 1 deletionsecurity/selinux/Makefile
- security/selinux/avc.c 7 additions, 6 deletionssecurity/selinux/avc.c
- security/selinux/exports.c 28 additions, 0 deletionssecurity/selinux/exports.c
- security/selinux/ss/mls.c 29 additions, 1 deletionsecurity/selinux/ss/mls.c
- security/selinux/ss/mls.h 3 additions, 1 deletionsecurity/selinux/ss/mls.h
- security/selinux/ss/services.c 234 additions, 1 deletionsecurity/selinux/ss/services.c
Loading
Please register or sign in to comment