[RFC][PATCH 0/3] Introduce audit_syscall LSM hook

From: Adrian Drzewiecki (z@private)
Date: Fri Dec 03 2004 - 10:59:28 PST

Previous message: Serge Hallyn: "Re: [RFC] [Stacking v4 2/3] New version of SELinux patch to support stacking"
Next in thread: Chris Wright: "Re: [RFC][PATCH 0/3] Introduce audit_syscall LSM hook"
Reply: Chris Wright: "Re: [RFC][PATCH 0/3] Introduce audit_syscall LSM hook"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Goal: let LSMs define custom syscall auditing.

The patch below introduces a new LSM hook security_audit_syscall.
It is meant to be called from ptrace.c:do_syscall_trace(). Architectures
which choose to use this hook should move the syscall audit code
out of do_syscall_trace() into audit_syscall() and
define ARCH_HAVE_AUDIT_SYSCALL. See i386 and UM arch patches for details.

patch-1: introduce security_audit_syscall
patch-2: make i386 arch use security_audit_syscall
patch-3: make UM arch use security_audit_syscall

Please send email directly, as I'm not subscribed to any mailing list.

Thanks,
-Adrian

Previous message: Serge Hallyn: "Re: [RFC] [Stacking v4 2/3] New version of SELinux patch to support stacking"
Next in thread: Chris Wright: "Re: [RFC][PATCH 0/3] Introduce audit_syscall LSM hook"
Reply: Chris Wright: "Re: [RFC][PATCH 0/3] Introduce audit_syscall LSM hook"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Mon Dec 06 2004 - 15:51:47 PST