[PATCH 0/8] IMA: work on audit records produced by IMA
From: Stefan Berger
Date: Fri May 25 2018 - 07:02:15 EST
This series of patches cleans up some usages of the audit
subsystem's API by IMA and extends the audit subsystem's API
with API calls for adding new fields to the audit_buffer. Besides
that we extend the existing audit records created while parsing
IMA policy rules with fields that are common for audit records
produced by IMA. Besides that we introduce a new record type
that IMA creates while parsing policy rules.
Stefan
Stefan Berger (8):
ima: Call audit_log_string() rather than logging it untrusted
ima: Use audit_log_format() rather than audit_log_string()
audit: Implement audit_log_tty()
audit: Allow others to call audit_log_d_path_exe()
integrity: Add exe= and tty= before res= to integrity audits
integrity: Factor out common part of integrity_audit_msg()
ima: Do not audit if CONFIG_INTEGRITY_AUDIT is not set
ima: Differentiate auditing policy rules from "audit" actions
include/linux/audit.h | 10 ++++++++++
include/uapi/linux/audit.h | 3 ++-
kernel/audit.c | 8 ++++++++
security/integrity/ima/Kconfig | 1 +
security/integrity/ima/ima_policy.c | 12 ++++++++----
security/integrity/integrity.h | 26 ++++++++++++++++++++++++++
security/integrity/integrity_audit.c | 32 +++++++++++++++++++-------------
7 files changed, 74 insertions(+), 18 deletions(-)
--
2.13.6