mirror of
https://github.com/torvalds/linux.git
synced 2026-03-08 04:24:31 +01:00
a68916eaed
IPE, like SELinux, supports a permissive mode. This mode allows policy
authors to test and evaluate IPE policy without it affecting their
programs. When the mode is changed, a 1404 AUDIT_MAC_STATUS will
be reported.
This patch adds the following audit records:
audit: MAC_STATUS enforcing=0 old_enforcing=1 auid=4294967295
ses=4294967295 enabled=1 old-enabled=1 lsm=ipe res=1
audit: MAC_STATUS enforcing=1 old_enforcing=0 auid=4294967295
ses=4294967295 enabled=1 old-enabled=1 lsm=ipe res=1
The audit record only emit when the value from the user input is
different from the current enforce value.
Signed-off-by: Deven Bowers <deven.desai@linux.microsoft.com>
Signed-off-by: Fan Wu <wufan@linux.microsoft.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
||
|---|---|---|
| .. | ||
| audit.c | ||
| audit.h | ||
| eval.c | ||
| eval.h | ||
| fs.c | ||
| fs.h | ||
| hooks.c | ||
| hooks.h | ||
| ipe.c | ||
| ipe.h | ||
| Kconfig | ||
| Makefile | ||
| policy.c | ||
| policy.h | ||
| policy_fs.c | ||
| policy_parser.c | ||
| policy_parser.h | ||