From: Etienne Basset <etienne.basset@numericable.fr>
To: LSM <linux-security-module@vger.kernel.org>,
Casey Schaufler <casey@schaufler-ca.com>
Cc: Eric Paris <eparis@redhat.com>,
linux-audit@redhat.com,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: [PATCH 0/2] security/smack implement logging V2
Date: Sun, 05 Apr 2009 10:46:50 +0200 [thread overview]
Message-ID: <49D86FFA.1010507@numericable.fr> (raw)
Hello,
the following 2 patches implements auditing of security events for Smack.
It tries to implement what Eric Paris suggested, and moves shareable code
to include/linux/lsm_audit.h and security/lsm_audit.c.
Smack specific logging functions are now defined in smack_access.c
patch 1 : created common LSM auditing code
patch 2 : convert smack to use it
the patches are against current mainline
thanks,
Etienne
sample logs produced :
type=1400 audit(1238919766.161:13): SMACK[smack_netlabel_send]: action=denied subject="FOO" object="BAR" requested=w pid=6672 comm="telnet" daddr=212.180.1.1 dest=80
type=1400 audit(1238919813.116:21): SMACK[smack_inode_getattr]: action=denied subject="FOO" object="etienne" requested=r pid=6679 comm="bash" path="/home/etienne/Desktop" dev=sda8ino=1237000
type=1400 audit(1238919813.773:22): SMACK[smack_inode_permission]: action=denied subject="FOO" object="_" requested=wx pid=6691 comm="rm"name="etienne" dev=sda8 ino=1236993
type=1400 audit(1238919842.953:30): SMACK[smack_task_kill]: action=denied subject="FOO" object="_" requested=w pid=6679 comm="bash"pid=6466 comm="thunderbird-bin"
type=1400 audit(1238920571.962:52): SMACK[smack_sb_mount]: action=denied subject="FOO" object="_" requested=w pid=6835 comm="mount" path="/debug" dev=sda5 ino=16161
type=1400 audit(1238920971.805:10435): SMACK[smack_socket_sock_rcv_skb]: action=granted subject="_" object="_" requested=w saddr=77.199.172.15 src=8541 daddr=192.168.0.10 dest=36917 netif=eth0
next reply other threads:[~2009-04-05 8:47 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-04-05 8:46 Etienne Basset [this message]
2009-04-06 15:34 ` [PATCH 0/2] security/smack implement logging V2 Eric Paris
2009-04-06 16:49 ` Etienne Basset
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=49D86FFA.1010507@numericable.fr \
--to=etienne.basset@numericable.fr \
--cc=casey@schaufler-ca.com \
--cc=eparis@redhat.com \
--cc=linux-audit@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox