[RFC][PATCH 9/11] security: AppArmor - Audit changes

From: Tony Jones
Date: Wed Apr 19 2006 - 13:55:26 EST


This patch adds AppArmor support to the audit subsystem.

It creates id 1500 (already included in the upstream auditd package) for
AppArmor messages.

It also exports the audit_log_vformat function (analogous to having both
printk and vprintk exported).

Signed-off-by: Tony Jones <tonyj@xxxxxxx>

---
include/linux/audit.h | 5 +++++
kernel/audit.c | 3 ++-
2 files changed, 7 insertions(+), 1 deletion(-)

--- linux-2.6.17-rc1.orig/include/linux/audit.h
+++ linux-2.6.17-rc1/include/linux/audit.h
@@ -95,6 +95,8 @@
#define AUDIT_LAST_KERN_ANOM_MSG 1799
#define AUDIT_ANOM_PROMISCUOUS 1700 /* Device changed promiscuous mode */

+#define AUDIT_AA 1500 /* AppArmor audit */
+
#define AUDIT_KERNEL 2000 /* Asynchronous audit record. NOT A REQUEST. */

/* Rule flags */
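Review bot: The added `#define AUDIT_AA 1500` sits after the 1700-range anomaly definitions (`AUDIT_ANOM_PROMISCUOUS 1700`, `AUDIT_LAST_KERN_ANOM_MSG 1799`) and before `AUDIT_KERNEL 2000`, so the message-type list no longer reads in numeric order. Consider moving it ahead of the 1700 block. The anomaly messages carry an explicit upper bound, so the comment on the new define should say whether 1500 is a single id or the start of a reserved range, so later message types do not collide with it. A more descriptive name than `AUDIT_AA` would also be easier to find when searching the tree.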
@@ -349,6 +351,9 @@
__attribute__((format(printf,4,5)));

extern struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type);
+extern void audit_log_vformat(struct audit_buffer *ab,
+ const char *fmt, va_list args)
+ __attribute__((format(printf,2,0)));
extern void audit_log_format(struct audit_buffer *ab,
const char *fmt, ...)
__attribute__((format(printf,2,3)));
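Review bot: The added prototype takes a `va_list`, but the patch adds no include to audit.h for that type. Please confirm it is declared for every file that includes this header (for example through <stdarg.h>), otherwise the build depends on include order. The `format(printf,2,0)` attribute is the right form for a va_list variant. If the neighbouring `audit_log_*` declarations have no-op fallbacks for kernels built without audit support, this function needs one as well so that callers still compile.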
--- linux-2.6.17-rc1.orig/kernel/audit.c
+++ linux-2.6.17-rc1/kernel/audit.c
@@ -797,7 +797,7 @@
* will be called a second time. Currently, we assume that a printk
* can't format message larger than 1024 bytes, so we don't either.
*/
-static void audit_log_vformat(struct audit_buffer *ab, const char *fmt,
+void audit_log_vformat(struct audit_buffer *ab, const char *fmt,
va_list args)
{
int len, avail;
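Review bot: Dropping `static` on `audit_log_vformat` turns the 1024-byte assumption in the comment above it into a contract for callers outside audit.c, and nothing in the patch documents it for them. Please extend the comment to state what an external caller may rely on: the maximum formatted length, what happens to a longer message, and, since the comment mentions a second call, whether the caller's `va_list` is still usable after the function returns.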
@@ -999,4 +999,5 @@
EXPORT_SYMBOL(audit_log_start);
EXPORT_SYMBOL(audit_log_end);
EXPORT_SYMBOL(audit_log_format);
+EXPORT_SYMBOL(audit_log_vformat);
EXPORT_SYMBOL(audit_log);
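Review bot: The added `EXPORT_SYMBOL(audit_log_vformat);` makes the va_list variant available to every module, while the changelog justifies it only by analogy with printk and vprintk. Please name the caller in this series that needs the export, so reviewers can judge whether a wrapper around the already exported `audit_log_format` would do instead. The changelog's "adds AppArmor support to the audit subsystem" also overstates the change, which is one message id and one export.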