From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Mr Dash Four <mr.dash.four@googlemail.com>
Cc: netfilter-devel@vger.kernel.org, Thomas Graf <tgraf@redhat.com>,
Patrick McHardy <kaber@trash.net>,
Eric Paris <eparis@parisplace.org>,
Al Viro <viro@ZenIV.linux.org.uk>,
Linux-audit <linux-audit@redhat.com>
Subject: Re: [PATCH 2nd revision] Add SELinux context support to AUDIT target
Date: Mon, 06 Jun 2011 01:06:41 +0200 [thread overview]
Message-ID: <4DEC0C01.4040900@netfilter.org> (raw)
In-Reply-To: <4DEA4B44.8050809@googlemail.com>
On 04/06/11 17:12, Mr Dash Four wrote:
> Add SELinux context support to AUDIT target (2nd revision). Typical (raw auditd) output after applying this patch would be:
>
> type=NETFILTER_PKT msg=audit(1305852240.082:31012): action=0 hook=1 len=52 inif=? outif=eth0 saddr=10.1.1.7 daddr=10.1.2.1 ipid=16312 proto=6 sport=56150 dport=22 obj=system_u:object_r:ssh_packet_t:s0
> type=NETFILTER_PKT msg=audit(1306772064.079:56): action=0 hook=3 len=48 inif=eth0 outif=? smac=00:05:5d:7c:27:0b dmac=00:02:b3:0a:7f:81 macproto=0x0800 saddr=10.1.2.1 daddr=10.1.1.7 ipid=462 proto=6 sport=3561 dport=22 obj=system_u:object_r:ssh_packet_t:s0
>
>
> Signed-off-by: Mr Dash Four <mr.dash.four@googlemail.com>
> ---
> net/netfilter/xt_AUDIT.c | 15 +++++++++++++++
> 1 files changed, 15 insertions(+), 0 deletions(-)
>
> diff --git a/net/netfilter/xt_AUDIT.c b/net/netfilter/xt_AUDIT.c
> index 363a99e..616cadc 100644
> --- a/net/netfilter/xt_AUDIT.c
> +++ b/net/netfilter/xt_AUDIT.c
> @@ -20,6 +20,9 @@
> #include <linux/netfilter/x_tables.h>
> #include <linux/netfilter/xt_AUDIT.h>
> #include <linux/netfilter_bridge/ebtables.h>
> +#ifdef CONFIG_NF_CONNTRACK_SECMARK
> +#include <linux/security.h>
> +#endif
> #include <net/ipv6.h>
> #include <net/ip.h>
>
> @@ -122,6 +125,10 @@ audit_tg(struct sk_buff *skb, const struct xt_action_param *par)
> {
> const struct xt_audit_info *info = par->targinfo;
> struct audit_buffer *ab;
> +#ifdef CONFIG_NF_CONNTRACK_SECMARK
> + u32 len;
> + char *secctx;
> +#endif
>
> ab = audit_log_start(NULL, GFP_ATOMIC, AUDIT_NETFILTER_PKT);
> if (ab == NULL)
> @@ -163,6 +170,14 @@ audit_tg(struct sk_buff *skb, const struct xt_action_param *par)
> break;
> }
>
> +#ifdef CONFIG_NF_CONNTRACK_SECMARK
> + if (skb->secmark)
Minor nitpick. This 'if' needs one {
> + if (!security_secid_to_secctx(skb->secmark, &secctx, &len)) {
> + audit_log_format(ab, " obj=%s", secctx);
> + security_release_secctx(secctx, len);
> + }
}
next prev parent reply other threads:[~2011-06-05 23:06 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-05-20 1:09 [PATCH] Add SELinux context support to AUDIT target Mr Dash Four
2011-05-26 16:49 ` Pablo Neira Ayuso
2011-05-26 17:03 ` Mr Dash Four
2011-05-26 17:44 ` Pablo Neira Ayuso
2011-06-04 15:12 ` [PATCH 2nd revision] " Mr Dash Four
2011-06-05 23:06 ` Pablo Neira Ayuso [this message]
2011-06-06 12:02 ` Mr Dash Four
2011-06-06 23:20 ` Pablo Neira Ayuso
2011-06-07 8:18 ` Mr Dash Four
2011-06-07 9:12 ` Pablo Neira Ayuso
2011-06-07 10:32 ` [PATCH 3rd " Mr Dash Four
2011-06-08 14:49 ` Steve Grubb
2011-06-08 16:12 ` Mr Dash Four
2011-06-08 17:14 ` Steve Grubb
2011-06-08 18:04 ` Mr Dash Four
2011-06-08 18:13 ` Casey Schaufler
2011-06-08 18:33 ` Eric Paris
2011-06-08 19:00 ` Mr Dash Four
2011-06-08 19:08 ` Eric Paris
2011-06-08 19:14 ` Mr Dash Four
2011-06-08 19:28 ` Steve Grubb
2011-06-08 19:39 ` Eric Paris
2011-06-09 12:28 ` Patrick McHardy
2011-06-09 12:52 ` Eric Paris
2011-06-09 12:56 ` Patrick McHardy
2011-06-09 14:08 ` Mr Dash Four
2011-06-09 15:06 ` Eric Paris
2011-06-09 15:16 ` Mr Dash Four
2011-06-16 8:36 ` Mr Dash Four
2011-06-18 12:08 ` [PATCH 4th " Mr Dash Four
2011-06-20 12:20 ` Steve Grubb
2011-06-20 14:21 ` Mr Dash Four
2011-06-20 14:27 ` Eric Paris
2011-06-30 11:35 ` Patrick McHardy
2011-06-08 18:36 ` [PATCH 3rd " Steve Grubb
2011-06-08 18:45 ` Mr Dash Four
2011-06-06 12:14 ` [PATCH 2nd " Steve Grubb
2011-06-06 12:25 ` Mr Dash Four
2011-06-06 12:30 ` Steve Grubb
2011-06-06 12:42 ` Mr Dash Four
2011-06-06 12:53 ` Steve Grubb
2011-06-06 13:10 ` Mr Dash Four
2011-06-06 23:22 ` Pablo Neira Ayuso
2011-06-07 0:59 ` Steve Grubb
2011-06-07 1:23 ` Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4DEC0C01.4040900@netfilter.org \
--to=pablo@netfilter.org \
--cc=eparis@parisplace.org \
--cc=kaber@trash.net \
--cc=linux-audit@redhat.com \
--cc=mr.dash.four@googlemail.com \
--cc=netfilter-devel@vger.kernel.org \
--cc=tgraf@redhat.com \
--cc=viro@ZenIV.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).