korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-09-21 12:11:49 +08:00
Code Issues Packages Projects Releases Wiki Activity
a68916eaed
linux/security
History
Deven Bowers a68916eaed ipe: add permissive toggle 
IPE, like SELinux, supports a permissive mode. This mode allows policy
authors to test and evaluate IPE policy without it affecting their
programs. When the mode is changed, a 1404 AUDIT_MAC_STATUS will
be reported.

This patch adds the following audit records:

    audit: MAC_STATUS enforcing=0 old_enforcing=1 auid=4294967295
      ses=4294967295 enabled=1 old-enabled=1 lsm=ipe res=1
    audit: MAC_STATUS enforcing=1 old_enforcing=0 auid=4294967295
      ses=4294967295 enabled=1 old-enabled=1 lsm=ipe res=1

The audit record only emit when the value from the user input is
different from the current enforce value.

Signed-off-by: Deven Bowers <deven.desai@linux.microsoft.com>
Signed-off-by: Fan Wu <wufan@linux.microsoft.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
2024-08-20 14:02:27 -04:00
..
apparmor lsm: infrastructure management of the sock security 2024-07-29 16:54:50 -04:00
bpf lsm: mark the lsm_id variables are marked as static 2023-11-12 22:54:42 -05:00
integrity lsm: add the inode_free_security_rcu() LSM implementation hook 2024-08-12 15:35:04 -04:00
ipe ipe: add permissive toggle 2024-08-20 14:02:27 -04:00
keys Performance events changes for v6.11: 2024-07-16 17:13:31 -07:00
landlock lsm: add the inode_free_security_rcu() LSM implementation hook 2024-08-12 15:35:04 -04:00
loadpin hardening fixes for v6.10-rc1 2024-05-24 08:33:44 -07:00
lockdown lockdown: Make lockdown_lsmid static 2024-08-15 12:11:42 -04:00
safesetid lsm: mark the lsm_id variables are marked as static 2023-11-12 22:54:42 -05:00
selinux lsm: Refactor return value of LSM hook inode_copy_up_xattr 2024-07-31 14:47:09 -04:00
smack lsm: Refactor return value of LSM hook inode_copy_up_xattr 2024-07-31 14:47:09 -04:00
tomoyo tomoyo: update project links 2024-06-03 22:43:11 +09:00
yama sysctl: treewide: constify the ctl_table argument of proc_handlers 2024-07-24 20:59:29 +02:00
commoncap.c lsm: Refactor return value of LSM hook vm_enough_memory 2024-07-31 14:46:51 -04:00
device_cgroup.c device_cgroup: Fix kernel-doc warnings in device_cgroup 2023-06-21 09:30:49 -04:00
inode.c lsm: add new securityfs delete function 2024-08-20 14:02:06 -04:00
Kconfig lsm: add IPE lsm 2024-08-19 22:36:26 -04:00
Kconfig.hardening Revert "mm: init_mlocked_on_free_v3" 2024-06-15 10:43:05 -07:00
lsm_audit.c lsm: fix a number of misspellings 2023-05-25 17:52:15 -04:00
lsm_syscalls.c lsm: use 32-bit compatible data types in LSM syscalls 2024-03-14 11:31:26 -04:00
Makefile lsm: add IPE lsm 2024-08-19 22:36:26 -04:00
min_addr.c sysctl: treewide: constify the ctl_table argument of proc_handlers 2024-07-24 20:59:29 +02:00
security.c initramfs,lsm: add a security hook to do_populate_rootfs() 2024-08-20 14:01:41 -04:00