Add SELinux context support to the AUDIT target and enable SELinux context reporting on AUDITed packet(s).
Signed-off-by: Mr Dash Four <[email protected]> --- net/netfilter/xt_AUDIT.c | 15 +++++++++++++++ 1 files changed, 15 insertions(+), 0 deletions(-) diff --git a/net/netfilter/xt_AUDIT.c b/net/netfilter/xt_AUDIT.c index f17a0e4..c727215 100644 --- a/net/netfilter/xt_AUDIT.c +++ b/net/netfilter/xt_AUDIT.c @@ -20,6 +20,9 @@ #include <linux/netfilter/x_tables.h> #include <linux/netfilter/xt_AUDIT.h> #include <linux/netfilter_bridge/ebtables.h> +#ifdef CONFIG_NF_CONNTRACK_SECMARK +#include <linux/security.h> +#endif #ifdef CONFIG_IPV6 #include <net/ipv6.h> #endif @@ -130,6 +133,10 @@ audit_tg(struct sk_buff *skb, const struct xt_action_param *par) { const struct xt_audit_info *info = par->targinfo; struct audit_buffer *ab; +#ifdef CONFIG_NF_CONNTRACK_SECMARK + u32 len; + char *secctx; +#endif ab = audit_log_start(NULL, GFP_ATOMIC, AUDIT_NETFILTER_PKT); if (ab == NULL) @@ -143,6 +150,14 @@ audit_tg(struct sk_buff *skb, const struct xt_action_param *par) if (skb->mark) audit_log_format(ab, " mark=%#x", skb->mark); +#ifdef CONFIG_NF_CONNTRACK_SECMARK + if (skb->secmark) + if (!security_secid_to_secctx(skb->secmark, &secctx, &len)) { + audit_log_format(ab, " obj=%s", secctx); + security_release_secctx(secctx, len); + } +#endif + if (skb->dev && skb->dev->type == ARPHRD_ETHER) { audit_log_format(ab, " smac=%pM dmac=%pM macproto=0x%04x", eth_hdr(skb)->h_source, eth_hdr(skb)->h_dest, -- 1.7.3.4 -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
