selinux: apply selinux checks on new audit message types

We use the read check to get the feature set (like AUDIT_GET) and the write check to set the features (like AUDIT_SET). Signed-off-by: N Eric Paris <eparis@redhat.com> Signed-off-by: N Richard Guy Briggs <rgb@redhat.com> Signed-off-by: N Eric Paris <eparis@redhat.com>

selinux: apply selinux checks on new audit message types
We use the read check to get the feature set (like AUDIT_GET) and the write check to set the features (like AUDIT_SET). Signed-off-by: N Eric Paris <eparis@redhat.com> Signed-off-by: N Richard Guy Briggs <rgb@redhat.com> Signed-off-by: N Eric Paris <eparis@redhat.com>
b805b198 · Eric Paris · b0fed402 · b805b198
隐藏空白更改
内联并排

Showing with 2 addition and 0 deletion

security/selinux/nlmsgtab.c security/selinux/nlmsgtab.c +2 -0

未找到文件。
--- a/security/selinux/nlmsgtab.c
+++ b/security/selinux/nlmsgtab.c
@@ -116,6 +116,8 @@ static struct nlmsg_perm nlmsg_audit_perms[] =
 	{ AUDIT_MAKE_EQUIV,	NETLINK_AUDIT_SOCKET__NLMSG_WRITE    },
 	{ AUDIT_TTY_GET,	NETLINK_AUDIT_SOCKET__NLMSG_READ     },
 	{ AUDIT_TTY_SET,	NETLINK_AUDIT_SOCKET__NLMSG_TTY_AUDIT	},
+	{ AUDIT_GET_FEATURE,	NETLINK_AUDIT_SOCKET__NLMSG_READ     },
+	{ AUDIT_SET_FEATURE,	NETLINK_AUDIT_SOCKET__NLMSG_WRITE    },
 };