leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity
d81165919e
linux/security
History
Paul Moore d81165919e lsm: Use a compressed IPv6 string format in audit events 
Currently the audit subsystem prints uncompressed IPv6 addresses which not
only differs from common usage but also results in ridiculously large audit
strings which is not a good thing.  This patch fixes this by simply converting
audit to always print compressed IPv6 addresses.

Old message example:

 audit(1253576792.161:30): avc:  denied  { ingress } for
  saddr=0000:0000:0000:0000:0000:0000:0000:0001 src=5000
  daddr=0000:0000:0000:0000:0000:0000:0000:0001 dest=35502 netif=lo
  scontext=system_u:object_r:unlabeled_t:s15:c0.c1023
  tcontext=system_u:object_r:lo_netif_t:s0-s15:c0.c1023 tclass=netif

New message example:

 audit(1253576792.161:30): avc:  denied  { ingress } for
  saddr=::1 src=5000 daddr=::1 dest=35502 netif=lo
  scontext=system_u:object_r:unlabeled_t:s15:c0.c1023
  tcontext=system_u:object_r:lo_netif_t:s0-s15:c0.c1023 tclass=netif

Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2009-09-24 03:50:26 -04:00
..
integrity/ima seq_file: constify seq_operations 2009-09-23 07:39:29 -07:00
keys KEYS: Have the garbage collector set its timer for live expired keys 2009-09-23 11:03:47 -07:00
selinux SELinux: do not destroy the avc_cache_nodep 2009-09-23 11:16:20 -07:00
smack seq_file: constify seq_operations 2009-09-23 07:39:29 -07:00
tomoyo KEYS: Add a keyctl to install a process's session keyring on its parent [try #6] 2009-09-02 21:29:22 +10:00
capability.c LSM/SELinux: inode_{get,set,notify}secctx hooks to access LSM security context information. 2009-09-10 10:11:24 +10:00
commoncap.c Security/SELinux: seperate lsm specific mmap_min_addr 2009-08-17 15:09:11 +10:00
device_cgroup.c devcgroup: skip superfluous checks when found the DEV_ALL elem 2009-06-18 13:03:47 -07:00
inode.c securityfs: securityfs_remove should handle IS_ERR pointers 2009-05-12 11:06:11 +10:00
Kconfig Merge commit 'v2.6.31-rc8' into x86/txt 2009-09-02 08:17:56 +02:00
lsm_audit.c lsm: Use a compressed IPv6 string format in audit events 2009-09-24 03:50:26 -04:00
Makefile Security/SELinux: seperate lsm specific mmap_min_addr 2009-08-17 15:09:11 +10:00
min_addr.c Security/SELinux: seperate lsm specific mmap_min_addr 2009-08-17 15:09:11 +10:00
root_plug.c rootplug: Remove redundant initialization. 2009-05-27 13:30:46 +10:00
security.c LSM/SELinux: inode_{get,set,notify}secctx hooks to access LSM security context information. 2009-09-10 10:11:24 +10:00