leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
131ad62d8f
linux/net
History
Mr Dash Four 131ad62d8f netfilter: add SELinux context support to AUDIT target 
In this revision the conversion of secid to SELinux context and adding it
to the audit log is moved from xt_AUDIT.c to audit.c with the aid of a
separate helper function - audit_log_secctx - which does both the conversion
and logging of SELinux context, thus also preventing internal secid number
being leaked to userspace. If conversion is not successful an error is raised.

With the introduction of this helper function the work done in xt_AUDIT.c is
much more simplified. It also opens the possibility of this helper function
being used by other modules (including auditd itself), if desired. With this
addition, typical (raw auditd) output after applying the patch would be:

type=NETFILTER_PKT msg=audit(1305852240.082:31012): action=0 hook=1 len=52 inif=? outif=eth0 saddr=10.1.1.7 daddr=10.1.2.1 ipid=16312 proto=6 sport=56150 dport=22 obj=system_u:object_r:ssh_client_packet_t:s0
type=NETFILTER_PKT msg=audit(1306772064.079:56): action=0 hook=3 len=48 inif=eth0 outif=? smac=00:05:5d:7c:27:0b dmac=00:02:b3:0a:7f:81 macproto=0x0800 saddr=10.1.2.1 daddr=10.1.1.7 ipid=462 proto=6 sport=22 dport=3561 obj=system_u:object_r:ssh_server_packet_t:s0

Acked-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Mr Dash Four <mr.dash.four@googlemail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
2011-06-30 13:31:57 +02:00
..
9p Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband 2011-05-26 12:13:57 -07:00
802 snap: remove one synchronize_net() 2011-05-23 16:29:24 -04:00
8021q Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2011-06-04 13:38:31 -07:00
appletalk appletalk: Fix OOPS in atalk_release(). 2011-03-31 18:59:10 -07:00
atm net: remove interrupt.h inclusion from netdevice.h 2011-06-06 22:55:11 -07:00
ax25 ax25: Fix set-but-unused variable. 2011-04-17 00:48:31 -07:00
batman-adv Merge branch 'batman-adv/next' of git://git.open-mesh.org/ecsv/linux-merge 2011-06-09 14:56:13 -07:00
bluetooth net: Remove unnecessary semicolons 2011-06-05 14:33:39 -07:00
bridge rtnetlink: Compute and store minimum ifinfo dump size 2011-06-09 20:38:07 -07:00
caif net: remove interrupt.h inclusion from netdevice.h 2011-06-06 22:55:11 -07:00
can net: remove interrupt.h inclusion from netdevice.h 2011-06-06 22:55:11 -07:00
ceph libceph: subscribe to osdmap when cluster is full 2011-05-24 11:52:11 -07:00
core net: export time stamp utility function for Ethernet MAC drivers 2011-06-13 17:26:12 -04:00
dcb rtnetlink: Compute and store minimum ifinfo dump size 2011-06-09 20:38:07 -07:00
dccp ipv4: Make caller provide flowi4 key to inet_csk_route_req(). 2011-05-18 18:32:03 -04:00
decnet rtnetlink: Compute and store minimum ifinfo dump size 2011-06-09 20:38:07 -07:00
dns_resolver KEYS: Improve /proc/keys 2011-03-17 11:59:32 +11:00
dsa Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2011-05-05 14:59:02 -07:00
econet econet: Fix set-but-unused variable. 2011-04-17 00:15:22 -07:00
ethernet eth: fix new kernel-doc warning 2011-01-12 19:00:40 -08:00
ieee802154 ieee802154: Remove hacked CFLAGS in net/ieee802154/Makefile 2011-04-12 15:33:23 -07:00
ipv4 snmp: reduce percpu needs by 50% 2011-06-11 16:23:59 -07:00
ipv6 rtnetlink: Compute and store minimum ifinfo dump size 2011-06-09 20:38:07 -07:00
ipx ipx: fix ipx_release() 2011-03-21 18:16:39 -07:00
irda irda: Fix error propagation in ircomm_lmp_connect_response() 2011-05-19 18:58:39 -04:00
iucv [S390] irq: merge irq.c and s390_ext.c 2011-05-26 09:48:24 +02:00
key net: convert %p usage to %pK 2011-05-24 01:13:12 -04:00
l2tp l2tp: fix l2tp_ip_sendmsg() route handling 2011-06-13 17:31:30 -04:00
lapb Net: lapb: Makefile: Remove deprecated kbuild goal definitions 2010-11-22 08:16:14 -08:00
llc llc: Fix length check in llc_fixup_skb(). 2011-04-11 18:59:05 -07:00
mac80211 mac80211: Stop BA session event from device 2011-06-07 14:41:36 -04:00
netfilter netfilter: add SELinux context support to AUDIT target 2011-06-30 13:31:57 +02:00
netlabel Remove prefetch() from <linux/skbuff.h> and "netlabel_addrlist.h" 2011-05-22 21:43:41 -07:00
netlink rtnetlink: Compute and store minimum ifinfo dump size 2011-06-09 20:38:07 -07:00
netrom NET: AX.25, NETROM, ROSE: Remove SOCK_DEBUG calls 2011-04-14 00:20:07 -07:00
packet virtio_net: introduce VIRTIO_NET_HDR_F_DATA_VALID 2011-06-11 15:57:47 -07:00
phonet rtnetlink: Compute and store minimum ifinfo dump size 2011-06-09 20:38:07 -07:00
rds net: remove interrupt.h inclusion from netdevice.h 2011-06-06 22:55:11 -07:00
rfkill net: rfkill: add generic gpio rfkill driver 2011-05-19 13:53:54 -04:00
rose NET: AX.25, NETROM, ROSE: Remove SOCK_DEBUG calls 2011-04-14 00:20:07 -07:00
rxrpc rxrpc: Fix set but unused variable 'usage' in rxrpc_get_transport() 2011-05-19 18:51:50 -04:00
sched rtnetlink: Compute and store minimum ifinfo dump size 2011-06-09 20:38:07 -07:00
sctp sctp: kzalloc() error handling on deleting last address 2011-06-11 15:53:45 -07:00
sunrpc net: remove interrupt.h inclusion from netdevice.h 2011-06-06 22:55:11 -07:00
tipc tipc: Revise timings used when sending link request messages 2011-05-10 16:04:02 -04:00
unix net: convert %p usage to %pK 2011-05-24 01:13:12 -04:00
wanrouter Fix common misspellings 2011-03-31 11:26:23 -03:00
wimax
wireless Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6 2011-06-07 14:07:11 -04:00
x25 Fix common misspellings 2011-03-31 11:26:23 -03:00
xfrm rtnetlink: Compute and store minimum ifinfo dump size 2011-06-09 20:38:07 -07:00
compat.c net: Add sendmmsg socket system call 2011-05-05 11:10:14 -07:00
Kconfig bpf: depends on MODULES 2011-04-29 10:20:53 -07:00
Makefile net: Enter net/ipv6/ even if CONFIG_IPV6=n 2011-03-07 12:50:52 -08:00
nonet.c
socket.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2011-05-20 13:43:21 -07:00
sysctl_net.c
TUNABLE