From 32f50cdee666333168b5203c7864bede159f789e Mon Sep 17 00:00:00 2001 From: Paul Moore Date: Thu, 28 Sep 2006 14:51:47 -0700 Subject: [NetLabel]: add audit support for configuration changes This patch adds audit support to NetLabel, including six new audit message types shown below. #define AUDIT_MAC_UNLBL_ACCEPT 1406 #define AUDIT_MAC_UNLBL_DENY 1407 #define AUDIT_MAC_CIPSOV4_ADD 1408 #define AUDIT_MAC_CIPSOV4_DEL 1409 #define AUDIT_MAC_MAP_ADD 1410 #define AUDIT_MAC_MAP_DEL 1411 Signed-off-by: Paul Moore Acked-by: James Morris Signed-off-by: David S. Miller --- net/ipv4/cipso_ipv4.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'net/ipv4/cipso_ipv4.c') diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c index e6ce0b3ba62..c4e469ff842 100644 --- a/net/ipv4/cipso_ipv4.c +++ b/net/ipv4/cipso_ipv4.c @@ -474,6 +474,7 @@ doi_add_failure_rlock: /** * cipso_v4_doi_remove - Remove an existing DOI from the CIPSO protocol engine * @doi: the DOI value + * @audit_secid: the LSM secid to use in the audit message * @callback: the DOI cleanup/free callback * * Description: @@ -483,7 +484,9 @@ doi_add_failure_rlock: * success and negative values on failure. * */ -int cipso_v4_doi_remove(u32 doi, void (*callback) (struct rcu_head * head)) +int cipso_v4_doi_remove(u32 doi, + u32 audit_secid, + void (*callback) (struct rcu_head * head)) { struct cipso_v4_doi *doi_def; struct cipso_v4_domhsh_entry *dom_iter; @@ -502,7 +505,8 @@ int cipso_v4_doi_remove(u32 doi, void (*callback) (struct rcu_head * head)) spin_unlock(&cipso_v4_doi_list_lock); list_for_each_entry_rcu(dom_iter, &doi_def->dom_list, list) if (dom_iter->valid) - netlbl_domhsh_remove(dom_iter->domain); + netlbl_domhsh_remove(dom_iter->domain, + audit_secid); cipso_v4_cache_invalidate(); rcu_read_unlock(); -- cgit v1.2.3