Log the anonymous inode class name in the security hook
inode_init_security_anon. This name is the key for name based type
transitions on the anon_inode security class on creation. Example:
type=AVC msg=audit(02/16/22 22:02:50.585:216) : avc: granted \
{ create } for pid=2136 comm=mariadbd anonclass=[io_uring] \
scontext=system_u:system_r:mysqld_t:s0 \
tcontext=system_u:system_r:mysqld_iouring_t:s0 tclass=anon_inode
Add a new LSM audit data type holding the inode and the class name.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
[PM: adjusted 'anonclass' to be a trusted string, cgzones approved]
Signed-off-by: Paul Moore <paul@paul-moore.com>
#define LSM_AUDIT_DATA_IBENDPORT 14
#define LSM_AUDIT_DATA_LOCKDOWN 15
#define LSM_AUDIT_DATA_NOTIFICATION 16
+#define LSM_AUDIT_DATA_ANONINODE 17
union {
struct path path;
struct dentry *dentry;
struct lsm_ibpkey_audit *ibpkey;
struct lsm_ibendport_audit *ibendport;
int reason;
+ const char *anonclass;
} u;
/* this union contains LSM specific data */
union {
audit_log_format(ab, " lockdown_reason=\"%s\"",
lockdown_reasons[a->u.reason]);
break;
+ case LSM_AUDIT_DATA_ANONINODE:
+ audit_log_format(ab, " anonclass=%s", a->u.anonclass);
+ break;
} /* switch (a->type) */
}
* allowed to actually create this type of anonymous inode.
*/
- ad.type = LSM_AUDIT_DATA_INODE;
- ad.u.inode = inode;
+ ad.type = LSM_AUDIT_DATA_ANONINODE;
+ ad.u.anonclass = name ? (const char *)name->name : "?";
return avc_has_perm(&selinux_state,
tsec->sid,
projects / linux.git / commitdiff