linux/kernel/auditfilter.c, branch v2.6.19

[PATCH] arch filter lists with < or > should not be accepted

2006-10-04T12:31:16Z

Currently the kernel audit system represents arch's as numbers and will gladly accept comparisons between archs using >, <, >=, <= when the only thing that makes sense is = or !=. I'm told that the next revision of auditctl will do this checking but this will provide enforcement in the kernel even for old userspace. A simple command to show the issue would be to run auditctl -d entry,always -F arch>i686 -S chmod with this patch the kernel will reject this with -EINVAL Please comment/ack/nak as soon as possible. -Eric kernel/auditfilter.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) Signed-off-by: Al Viro

[PATCH] selinux: rename selinux_ctxid_to_string

2006-09-26T15:48:52Z

Rename selinux_ctxid_to_string to selinux_sid_to_string to be consistent with other interfaces. Signed-off-by: Stephen Smalley Acked-by: James Morris Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds

[PATCH] audit: AUDIT_PERM support

2006-09-11T17:32:30Z

add support for AUDIT_PERM predicate Signed-off-by: Al Viro

[PATCH] update audit rule change messages

2006-09-11T17:32:17Z

Make the audit message for implicit rule removal more informative. Make the rule update message consistent with other messages. Signed-off-by: Amy Griffis Signed-off-by: Al Viro

[PATCH] fix ppid bug in 2.6.18 kernel

2006-09-11T17:32:04Z

Hello, During some troubleshooting, I found that ppid was accidentally omitted from the legacy rule section. This resulted in EINVAL for any rule with ppid sent with AUDIT_ADD. Signed-off-by: Steve Grubb Signed-off-by: Al Viro

[PATCH] introduce audit rules counter

2006-08-03T14:55:18Z

Signed-off-by: Al Viro

[PATCH] fix audit oops with invalid operator

2006-08-03T14:54:43Z

Michael C Thompson wrote: [Tue Aug 01 2006, 02:36:36PM EDT] > The trigger for this oops is: > # auditctl -a exit,always -S pread64 -F 'inode<1' Setting the err value will fix it. Signed-off-by: Amy Griffis Signed-off-by: Al Viro

[PATCH] audit syscall classes

2006-07-01T11:44:10Z

Allow to tie upper bits of syscall bitmap in audit rules to kernel-defined sets of syscalls. Infrastructure, a couple of classes (with 32bit counterparts for biarch targets) and actual tie-in on i386, amd64 and ia64. Signed-off-by: Al Viro

[PATCH] audit: support for object context filters

2006-07-01T09:44:19Z

This patch introduces object audit filters based on the elements of the SELinux context. Signed-off-by: Darrel Goeddel Acked-by: Stephen Smalley kernel/auditfilter.c | 25 +++++++++++++++++++++++++ kernel/auditsc.c | 40 ++++++++++++++++++++++++++++++++++++++++ security/selinux/ss/services.c | 18 +++++++++++++++++- 3 files changed, 82 insertions(+), 1 deletion(-) Signed-off-by: Al Viro

[PATCH] audit: rename AUDIT_SE_* constants

2006-07-01T09:44:08Z

This patch renames some audit constant definitions and adds additional definitions used by the following patch. The renaming avoids ambiguity with respect to the new definitions. Signed-off-by: Darrel Goeddel include/linux/audit.h | 15 ++++++++---- kernel/auditfilter.c | 50 ++++++++++++++++++++--------------------- kernel/auditsc.c | 10 ++++---- security/selinux/ss/services.c | 32 +++++++++++++------------- 4 files changed, 56 insertions(+), 51 deletions(-) Signed-off-by: Al Viro