1. 01 5月, 2013 9 次提交
  2. 17 4月, 2013 1 次提交
    • E
      audit: allow checking the type of audit message in the user filter · 62062cf8
      Eric Paris 提交于
      When userspace sends messages to the audit system it includes a type.
      We want to be able to filter messages based on that type without have to
      do the all or nothing option currently available on the
      AUDIT_FILTER_TYPE filter list.  Instead we should be able to use the
      AUDIT_FILTER_USER filter list and just use the message type as one part
      of the matching decision.
      Signed-off-by: NEric Paris <eparis@redhat.com>
      62062cf8
  3. 11 4月, 2013 1 次提交
  4. 09 4月, 2013 3 次提交
  5. 12 1月, 2013 2 次提交
  6. 10 10月, 2012 1 次提交
  7. 18 9月, 2012 9 次提交
  8. 11 9月, 2012 1 次提交
  9. 09 9月, 2012 1 次提交
  10. 30 7月, 2012 1 次提交
  11. 30 6月, 2012 1 次提交
    • P
      netlink: add netlink_kernel_cfg parameter to netlink_kernel_create · a31f2d17
      Pablo Neira Ayuso 提交于
      This patch adds the following structure:
      
      struct netlink_kernel_cfg {
              unsigned int    groups;
              void            (*input)(struct sk_buff *skb);
              struct mutex    *cb_mutex;
      };
      
      That can be passed to netlink_kernel_create to set optional configurations
      for netlink kernel sockets.
      
      I've populated this structure by looking for NULL and zero parameters at the
      existing code. The remaining parameters that always need to be set are still
      left in the original interface.
      
      That includes optional parameters for the netlink socket creation. This allows
      easy extensibility of this interface in the future.
      
      This patch also adapts all callers to use this new interface.
      Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      a31f2d17
  12. 27 6月, 2012 1 次提交
  13. 21 3月, 2012 1 次提交
  14. 18 1月, 2012 2 次提交
  15. 09 1月, 2012 1 次提交
  16. 06 1月, 2012 1 次提交
  17. 31 10月, 2011 1 次提交
  18. 27 7月, 2011 1 次提交
  19. 30 6月, 2011 1 次提交
    • M
      netfilter: add SELinux context support to AUDIT target · 131ad62d
      Mr Dash Four 提交于
      In this revision the conversion of secid to SELinux context and adding it
      to the audit log is moved from xt_AUDIT.c to audit.c with the aid of a
      separate helper function - audit_log_secctx - which does both the conversion
      and logging of SELinux context, thus also preventing internal secid number
      being leaked to userspace. If conversion is not successful an error is raised.
      
      With the introduction of this helper function the work done in xt_AUDIT.c is
      much more simplified. It also opens the possibility of this helper function
      being used by other modules (including auditd itself), if desired. With this
      addition, typical (raw auditd) output after applying the patch would be:
      
      type=NETFILTER_PKT msg=audit(1305852240.082:31012): action=0 hook=1 len=52 inif=? outif=eth0 saddr=10.1.1.7 daddr=10.1.2.1 ipid=16312 proto=6 sport=56150 dport=22 obj=system_u:object_r:ssh_client_packet_t:s0
      type=NETFILTER_PKT msg=audit(1306772064.079:56): action=0 hook=3 len=48 inif=eth0 outif=? smac=00:05:5d:7c:27:0b dmac=00:02:b3:0a:7f:81 macproto=0x0800 saddr=10.1.2.1 daddr=10.1.1.7 ipid=462 proto=6 sport=22 dport=3561 obj=system_u:object_r:ssh_server_packet_t:s0
      Acked-by: NEric Paris <eparis@redhat.com>
      Signed-off-by: NMr Dash Four <mr.dash.four@googlemail.com>
      Signed-off-by: NPatrick McHardy <kaber@trash.net>
      131ad62d
  20. 04 3月, 2011 1 次提交