selinux: allow dontauditx and auditallowx rules to take effect without allowx
author bauen1 <j2468h@googlemail.com>
Fri, 9 Oct 2020 12:47:11 +0000 (14:47 +0200)
committer Paul Moore <paul@paul-moore.com>
Wed, 28 Oct 2020 02:21:11 +0000 (22:21 -0400)
commit 44141f58e14317853698f994ca5c3785a0c230d0
tree ea3b09c6ede9b129ddfa82c9438d1cd2fc756c10
parent 83370b31a915493231e5b9addc72e4bef69f8d31
selinux: allow dontauditx and auditallowx rules to take effect without allowx

This allows for dontauditing very specific ioctls e.g. TCGETS without
dontauditing every ioctl or granting additional permissions.

Now either an allowx, dontauditx or auditallowx rule enables checking
for extended permissions.

Signed-off-by: Jonathan Hettwer <j2468h@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
security/selinux/ss/services.c
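
The policy-side effect described in the commit message, as an added example in SELinux kernel policy language (not part of the commit or the kernel tree). The types `example_app_t` and `example_tty_t` are hypothetical, and the ioctl numbers assume the asm-generic numbering used on x86, where TCGETS is 0x5401.

```selinux
# Added illustration; example_app_t and example_tty_t are hypothetical types.
# Goal: stop logging denials of TCGETS (0x5401, asm-generic numbering)
# for a domain that probes its terminal, while every other ioctl
# denial stays visible in the audit log.

# Option 1: coarse dontaudit on the ioctl permission.
# Hides denials of every ioctl on the class, so an unexpected ioctl
# from this domain would no longer show up in the audit log.
dontaudit example_app_t example_tty_t:chr_file ioctl;

# Option 2: pair the dontauditx with an allowx rule so that extended
# permission checking is enabled at all. Per the commit message this
# means granting additional permissions; 0x5413 (TIOCGWINSZ) is a
# constructed choice for the extra rule.
allowx     example_app_t example_tty_t:chr_file ioctl 0x5413;
dontauditx example_app_t example_tty_t:chr_file ioctl 0x5401;

# Option 3: with this commit, the dontauditx rule takes effect on its
# own. No allowx is needed, nothing extra is granted, and only the
# TCGETS denial is silenced.
dontauditx example_app_t example_tty_t:chr_file ioctl 0x5401;

# The same now holds for auditallowx: a single ioctl can be logged
# when it is granted without an accompanying allowx rule.
auditallowx example_app_t example_tty_t:chr_file ioctl 0x5401;
```

The three options are alternatives, not one policy to load together; option 3 depends on a kernel that carries this change.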