[PATCH] audit: filter userspace audit messages on selinux context

Eric Paris eparis at redhat.com
Thu Sep 16 21:43:36 UTC 2010


We have the information, so let's allow userspace audit messages to be
filtered based on the SELinux context.  In particular this can be useful to
shut up the login events generated every time a cron job runs.

Signed-off-by: Eric Paris <eparis at redhat.com>
---

 kernel/auditfilter.c |    9 +++++++++
 1 files changed, 9 insertions(+), 0 deletions(-)

diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 30ccdb9..6e251df 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -1252,6 +1252,15 @@ static int audit_filter_user_rules(struct netlink_skb_parms *cb,
 		case AUDIT_LOGINUID:
 			result = audit_comparator(cb->loginuid, f->op, f->val);
 			break;
+		case AUDIT_SUBJ_USER:
+		case AUDIT_SUBJ_ROLE:
+		case AUDIT_SUBJ_TYPE:
+		case AUDIT_SUBJ_SEN:
+		case AUDIT_SUBJ_CLR:
+			result = security_audit_rule_match(cb->sid, f->type,
+							   f->op, f->lsm_rule,
+							   NULL);
+			break;
 		}
 
 		if (!result)
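
Review bot: In the new AUDIT_SUBJ_* case, result takes the raw return value of security_audit_rule_match() and is then tested only by "if (!result)", so any non-zero return, including a negative error code, would be treated as a match for the field. Consider handling an error return explicitly before that test. The call also passes f->lsm_rule with no check visible in this hunk; if a rule can reach this point without an initialized lsm_rule, guard the call with "if (f->lsm_rule)". It would also help for the commit message to state whose context cb->sid represents, since the filter's meaning depends on it.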



