On Tue, 2 Jun 2009, Eric Paris wrote:
> Audit trees defined 2 new netlink messages but the netlink mapping tables for
> selinux permissions were not set up. This patch maps these 2 new operations
> to AUDIT_WRITE.
>
> Signed-off-by: Eric Paris <eparis@xxxxxxxxxx>
Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6#next
> ---
>
> security/selinux/nlmsgtab.c | 2 ++
> 1 files changed, 2 insertions(+), 0 deletions(-)
>
> diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c
> index c6875fd..dd7cc6d 100644
> --- a/security/selinux/nlmsgtab.c
> +++ b/security/selinux/nlmsgtab.c
> @@ -112,6 +112,8 @@ static struct nlmsg_perm nlmsg_audit_perms[] =
> { AUDIT_DEL_RULE, NETLINK_AUDIT_SOCKET__NLMSG_WRITE },
> { AUDIT_USER, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
> { AUDIT_SIGNAL_INFO, NETLINK_AUDIT_SOCKET__NLMSG_READ },
> + { AUDIT_TRIM, NETLINK_AUDIT_SOCKET__NLMSG_WRITE },
> + { AUDIT_MAKE_EQUIV, NETLINK_AUDIT_SOCKET__NLMSG_WRITE },
> { AUDIT_TTY_GET, NETLINK_AUDIT_SOCKET__NLMSG_READ },
> { AUDIT_TTY_SET, NETLINK_AUDIT_SOCKET__NLMSG_TTY_AUDIT },
> };
>
--
James Morris
<jmorris@xxxxxxxxx>
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
