]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7dfe847) | patch
selinux: allow dontauditx and auditallowx rules to take effect without allowx
authorbauen1 <j2468h@googlemail.com>
Fri, 9 Oct 2020 12:47:11 +0000 (14:47 +0200)
committerPaul Moore <paul@paul-moore.com>
Wed, 28 Oct 2020 02:21:11 +0000 (22:21 -0400)
commitacce5d0afc979c51cc3f8e3c9c592b09c3b1e397
treeea3b09c6ede9b129ddfa82c9438d1cd2fc756c10tree | snapshot
parent7dfe847311714e75c859d4b009252696c50c1e8ccommit | diff
selinux: allow dontauditx and auditallowx rules to take effect without allowx

This allows for dontauditing very specific ioctls e.g. TCGETS without
dontauditing every ioctl or granting additional permissions.

Now either an allowx, dontauditx or auditallowx rules enables checking
for extended permissions.

Signed-off-by: Jonathan Hettwer <j2468h@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
security/selinux/ss/services.c diff | blob | history
Linux Kernel Source Tree.