AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2025-01-27 19:22:57 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
dba31ee759
linux_dsm_epyc7002/security/integrity/ima
History
Stefan Berger dba31ee759 ima: Differentiate auditing policy rules from "audit" actions 
The AUDIT_INTEGRITY_RULE is used for auditing IMA policy rules and
the IMA "audit" policy action.  This patch defines
AUDIT_INTEGRITY_POLICY_RULE to reflect the IMA policy rules.

Since we defined a new message type we can now also pass the
audit_context and get an associated SYSCALL record. This now produces
the following records when parsing IMA policy's rules:

type=UNKNOWN[1807] msg=audit(1527888965.738:320): action=audit \
  func=MMAP_CHECK mask=MAY_EXEC res=1
type=UNKNOWN[1807] msg=audit(1527888965.738:320): action=audit \
  func=FILE_CHECK mask=MAY_READ res=1
type=SYSCALL msg=audit(1527888965.738:320): arch=c000003e syscall=1 \
  success=yes exit=17 a0=1 a1=55bcfcca9030 a2=11 a3=7fcc1b55fb38 \
  items=0 ppid=1567 pid=1601 auid=0 uid=0 gid=0 euid=0 suid=0 \
  fsuid=0 egid=0 sgid=0 fsgid=0 tty=tty2 ses=2 comm="echo" \
  exe="/usr/bin/echo" \
  subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
2018-07-18 07:27:22 -04:00
..
ima_api.c audit: use inline function to get audit context 2018-05-14 17:24:18 -04:00
ima_appraise.c ima: Improvements in ima_appraise_measurement() 2018-03-25 07:26:30 -04:00
ima_crypto.c ima: Fallback to the builtin hash algorithm 2018-03-25 07:26:32 -04:00
ima_fs.c integrity: Add an integrity directory in securityfs 2018-05-17 08:03:07 -04:00
ima_init.c tpm: use struct tpm_chip for tpm_chip_find_get() 2018-01-08 12:58:36 +02:00
ima_kexec.c ima: Unify logging 2018-05-17 07:49:12 -04:00
ima_main.c ima: based on policy warn about loading firmware (pre-allocated buffer) 2018-07-16 12:31:57 -07:00
ima_mok.c KEYS: Use structure to capture key restriction function and data 2017-04-04 14:10:10 -07:00
ima_policy.c ima: Differentiate auditing policy rules from "audit" actions 2018-07-18 07:27:22 -04:00
ima_queue.c tpm: use struct tpm_chip for tpm_chip_find_get() 2018-01-08 12:58:36 +02:00
ima_template_lib.c ima: Unify logging 2018-05-17 07:49:12 -04:00
ima_template_lib.h ima: introduce ima_parse_buf() 2017-06-21 14:37:12 -04:00
ima_template.c ima: Fix line continuation format 2017-12-18 09:43:47 -05:00
ima.h ima: based on policy require signed kexec kernel images 2018-07-16 12:31:57 -07:00
Kconfig ima: Do not audit if CONFIG_INTEGRITY_AUDIT is not set 2018-07-18 07:27:22 -04:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00