diff options
author | Eric Paris <eparis@redhat.com> | 2013-05-24 18:09:50 +0200 |
---|---|---|
committer | Eric Paris <eparis@redhat.com> | 2013-11-05 17:07:35 +0100 |
commit | b805b198dc74b73aabb6969a3db734c71c05c88c (patch) | |
tree | 7863f6b26836117ac4677554252376e3a8c014de /security/selinux/nlmsgtab.c | |
parent | audit: implement generic feature setting and retrieving (diff) | |
download | linux-b805b198dc74b73aabb6969a3db734c71c05c88c.tar.xz linux-b805b198dc74b73aabb6969a3db734c71c05c88c.zip |
selinux: apply selinux checks on new audit message types
We use the read check to get the feature set (like AUDIT_GET) and the
write check to set the features (like AUDIT_SET).
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'security/selinux/nlmsgtab.c')
-rw-r--r-- | security/selinux/nlmsgtab.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c index 855e464e92ef..332ac8a80cf5 100644 --- a/security/selinux/nlmsgtab.c +++ b/security/selinux/nlmsgtab.c @@ -116,6 +116,8 @@ static struct nlmsg_perm nlmsg_audit_perms[] = { AUDIT_MAKE_EQUIV, NETLINK_AUDIT_SOCKET__NLMSG_WRITE }, { AUDIT_TTY_GET, NETLINK_AUDIT_SOCKET__NLMSG_READ }, { AUDIT_TTY_SET, NETLINK_AUDIT_SOCKET__NLMSG_TTY_AUDIT }, + { AUDIT_GET_FEATURE, NETLINK_AUDIT_SOCKET__NLMSG_READ }, + { AUDIT_SET_FEATURE, NETLINK_AUDIT_SOCKET__NLMSG_WRITE }, }; |