aboutsummaryrefslogtreecommitdiffstats
path: root/security/apparmor/include/audit.h (follow)
AgeCommit message (Collapse)AuthorFilesLines
2013-10-29apparmor: remove parent task info from audit loggingJohn Johansen1-1/+0
The reporting of the parent task info is a vestage from old versions of apparmor. The need for this information was removed by unique null- profiles before apparmor was upstreamed so remove this info from logging. Signed-off-by: John Johansen <john.johansen@canonical.com>
2013-08-14apparmor: add interface files for profiles and namespacesJohn Johansen1-1/+0
Add basic interface files to access namespace and profile information. The interface files are created when a profile is loaded and removed when the profile or namespace is removed. Signed-off-by: John Johansen <john.johansen@canonical.com>
2012-09-21userns: Convert apparmor to use kuid and kgid where appropriateEric W. Biederman1-1/+1
Cc: John Johansen <john.johansen@canonical.com> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
2012-04-09apparmor: move task from common_audit_data to apparmor_audit_dataEric Paris1-0/+1
apparmor is the only LSM that uses the common_audit_data tsk field. Instead of making all LSMs pay for the stack space move the aa usage into the apparmor_audit_data. Signed-off-by: Eric Paris <eparis@redhat.com>
2012-04-03LSM: shrink sizeof LSM specific portion of common_audit_dataEric Paris1-1/+27
Linus found that the gigantic size of the common audit data caused a big perf hit on something as simple as running stat() in a loop. This patch requires LSMs to declare the LSM specific portion separately rather than doing it in a union. Thus each LSM can be responsible for shrinking their portion and don't have to pay a penalty just because other LSMs have a bigger space requirement. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-03-14AppArmor: add const qualifiers to string arraysJan Engelhardt1-2/+2
Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: John Johansen <john.johansen@canonical.com>
2012-02-27AppArmor: Fix dropping of allowed operations that are force auditedJohn Johansen1-3/+2
The audit permission flag, that specifies an audit message should be provided when an operation is allowed, was being ignored in some cases. This is because the auto audit mode (which determines the audit mode from system flags) was incorrectly assigned the same value as audit mode. The shared value would result in messages that should be audited going through a second evaluation as to whether they should be audited based on the auto audit, resulting in some messages being dropped. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Kees Cook <kees@ubuntu.com>
2010-08-02AppArmor: basic auditing infrastructure.John Johansen1-0/+123
Update lsm_audit for AppArmor specific data, and add the core routines for AppArmor uses for auditing. Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org>
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.