proxmox-mirrors/mirror_ubuntu-kernels
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_ubuntu-kernels.git synced 2025-12-25 23:23:35 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
b6cac5a30b
mirror_ubuntu-kernels/security/selinux
History
Stephen Smalley b6cac5a30b selinux: Only audit permissions specified in policy 
Only audit the permissions specified by the policy rules.

Before:
type=AVC msg=audit(01/28/2010 14:30:46.690:3250) : avc:  denied  { read
append } for  pid=14092 comm=foo name=test_file dev=dm-1 ino=132932
scontext=unconfined_u:unconfined_r:load_policy_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:rpm_tmp_t:s0 tclass=file

After:
type=AVC msg=audit(01/28/2010 14:52:37.448:26) : avc:  denied
{ append } for  pid=1917 comm=foo name=test_file dev=dm-1 ino=132932
scontext=unconfined_u:unconfined_r:load_policy_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:rpm_tmp_t:s0 tclass=file

Reference:
https://bugzilla.redhat.com/show_bug.cgi?id=558499

Reported-by: Tom London <selinux@gmail.com>
Signed-off-by: Stephen D. Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
2010-02-03 08:49:10 +11:00
..
include selinux: change the handling of unknown classes 2010-01-18 09:54:26 +11:00
ss selinux: remove dead code in type_attribute_bounds_av() 2010-01-25 08:31:38 +11:00
.gitignore SELinux: add .gitignore files for dynamic classes 2009-10-24 09:42:27 +08:00
avc.c selinux: Only audit permissions specified in policy 2010-02-03 08:49:10 +11:00
exports.c Creds: creds->security can be NULL is selinux is disabled 2009-09-14 12:34:07 +10:00
hooks.c SECURITY: selinux, fix update_rlimit_cpu parameter 2010-01-04 11:27:18 +01:00
Kconfig selinux: Deprecate and schedule the removal of the the compat_net functionality 2008-12-31 12:54:11 -05:00
Makefile selinux: generate flask headers during kernel build 2009-10-07 21:56:44 +11:00
netif.c SELinux fixups needed for preemptable RCU from -rt 2008-04-22 15:37:23 +10:00
netlabel.c tree-wide: fix assorted typos all over the place 2009-12-04 15:39:55 +01:00
netlink.c SELinux: netlink.c whitespace, syntax, and static declaraction cleanups 2008-04-21 19:05:05 +10:00
netnode.c SELinux: keep the code clean formating and syntax 2008-07-14 15:01:36 +10:00
netport.c SELinux: keep the code clean formating and syntax 2008-07-14 15:01:36 +10:00
nlmsgtab.c SELinux: define audit permissions for audit tree netlink messages 2009-06-03 07:44:53 +10:00
selinuxfs.c selinux: change the handling of unknown classes 2010-01-18 09:54:26 +11:00
xfrm.c SELinux: Convert avc_audit to use lsm_audit.h 2009-08-17 08:37:18 +10:00