From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753336AbeEKOn2 (ORCPT ); Fri, 11 May 2018 10:43:28 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:42794 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753104AbeEKOmp (ORCPT ); Fri, 11 May 2018 10:42:45 -0400 From: Stefan Berger To: linux-integrity@vger.kernel.org, containers@lists.linux-foundation.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org Cc: serge@hallyn.com, sunyuqiong1988@gmail.com, david.safford@ge.com, mkayaalp@cs.binghamton.edu, James.Bottomley@HansenPartnership.com, zohar@linux.vnet.ibm.com, ebiederm@xmission.com, john.johansen@canonical.com Subject: [RFC PATCH v4 3/5] ima: differentiate auditing policy rules from "audit" actions Date: Fri, 11 May 2018 10:42:28 -0400 X-Mailer: git-send-email 2.14.3 In-Reply-To: <20180511144230.75384-1-stefanb@linux.vnet.ibm.com> References: <20180511144230.75384-1-stefanb@linux.vnet.ibm.com> X-TM-AS-GCONF: 00 x-cbid: 18051114-0020-0000-0000-00000DE8F69A X-IBM-SpamModules-Scores: X-IBM-SpamModules-Versions: BY=3.00009006; HX=3.00000241; KW=3.00000007; PH=3.00000004; SC=3.00000260; SDB=6.01030766; UDB=6.00526815; IPR=6.00809898; MB=3.00021049; MTD=3.00000008; XFM=3.00000015; UTC=2018-05-11 14:42:43 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 18051114-0021-0000-0000-00006152A07E Message-Id: <20180511144230.75384-4-stefanb@linux.vnet.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2018-05-11_06:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1709140000 definitions=main-1805110139 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Mimi Zohar The AUDIT_INTEGRITY_RULE is used for auditing IMA policy rules and the IMA "audit" policy action. This patch defines AUDIT_INTEGRITY_POLICY to reflect the IMA policy rules. Signed-off-by: Mimi Zohar --- include/uapi/linux/audit.h | 3 ++- security/integrity/ima/ima_policy.c | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h index 4e61a9e05132..8966e7ff1c4c 100644 --- a/include/uapi/linux/audit.h +++ b/include/uapi/linux/audit.h @@ -146,7 +146,8 @@ #define AUDIT_INTEGRITY_STATUS 1802 /* Integrity enable status */ #define AUDIT_INTEGRITY_HASH 1803 /* Integrity HASH type */ #define AUDIT_INTEGRITY_PCR 1804 /* PCR invalidation msgs */ -#define AUDIT_INTEGRITY_RULE 1805 /* policy rule */ +#define AUDIT_INTEGRITY_RULE 1805 /* IMA "audit" action policy msgs */ +#define AUDIT_INTEGRITY_POLICY 1806 /* IMA policy rules */ #define AUDIT_KERNEL 2000 /* Asynchronous audit record. NOT A REQUEST. */ diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 915f5572c6ff..3a1412db02a3 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -619,7 +619,7 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) bool uid_token; int result = 0; - ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_INTEGRITY_RULE); + ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_INTEGRITY_POLICY); entry->uid = INVALID_UID; entry->fowner = INVALID_UID; -- 2.14.3