[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[PATCH] audit: filter userspace audit messages on selinux context



We have the information, so lets allow userspace audit messages to be
filtered based on the SELinux context.  In particular this can be useful to
shut up the login events generated every time a cron job runs.

Signed-off-by: Eric Paris <eparis redhat com>
---

 kernel/auditfilter.c |    9 +++++++++
 1 files changed, 9 insertions(+), 0 deletions(-)

diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 30ccdb9..6e251df 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -1252,6 +1252,15 @@ static int audit_filter_user_rules(struct netlink_skb_parms *cb,
 		case AUDIT_LOGINUID:
 			result = audit_comparator(cb->loginuid, f->op, f->val);
 			break;
+		case AUDIT_SUBJ_USER:
+		case AUDIT_SUBJ_ROLE:
+		case AUDIT_SUBJ_TYPE:
+		case AUDIT_SUBJ_SEN:
+		case AUDIT_SUBJ_CLR:
+			result = security_audit_rule_match(cb->sid, f->type,
+							   f->op, f->lsm_rule,
+							   NULL);
+			break;
 		}
 
 		if (!result)


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]