diff options
author | Dustin Kirkland <dustin.kirkland@us.ibm.com> | 2005-11-03 17:15:16 +0000 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2006-03-20 14:08:54 -0500 |
commit | 8c8570fb8feef2bc166bee75a85748b25cda22d9 (patch) | |
tree | ed783d405ea9d5f3d3ccc57fb56c7b7cb2cdfb82 /ipc/shm.c | |
parent | c8edc80c8b8c397c53f4f659a05b9ea6208029bf (diff) | |
download | linux-8c8570fb8feef2bc166bee75a85748b25cda22d9.tar.gz linux-8c8570fb8feef2bc166bee75a85748b25cda22d9.tar.bz2 linux-8c8570fb8feef2bc166bee75a85748b25cda22d9.zip |
[PATCH] Capture selinux subject/object context information.
This patch extends existing audit records with subject/object context
information. Audit records associated with filesystem inodes, ipc, and
tasks now contain SELinux label information in the field "subj" if the
item is performing the action, or in "obj" if the item is the receiver
of an action.
These labels are collected via hooks in SELinux and appended to the
appropriate record in the audit code.
This additional information is required for Common Criteria Labeled
Security Protection Profile (LSPP).
[AV: fixed kmalloc flags use]
[folded leak fixes]
[folded cleanup from akpm (kfree(NULL)]
[folded audit_inode_context() leak fix]
[folded akpm's fix for audit_ipc_perm() definition in case of !CONFIG_AUDIT]
Signed-off-by: Dustin Kirkland <dustin.kirkland@us.ibm.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'ipc/shm.c')
-rw-r--r-- | ipc/shm.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/ipc/shm.c b/ipc/shm.c index 9162123a7b23..a88c8a02e7f3 100644 --- a/ipc/shm.c +++ b/ipc/shm.c @@ -620,13 +620,13 @@ asmlinkage long sys_shmctl (int shmid, int cmd, struct shmid_ds __user *buf) err = -EFAULT; goto out; } - if ((err = audit_ipc_perms(0, setbuf.uid, setbuf.gid, setbuf.mode))) - return err; down(&shm_ids.sem); shp = shm_lock(shmid); err=-EINVAL; if(shp==NULL) goto out_up; + if ((err = audit_ipc_perms(0, setbuf.uid, setbuf.gid, setbuf.mode, &(shp->shm_perm)))) + goto out_unlock_up; err = shm_checkid(shp,shmid); if(err) goto out_unlock_up; |