diff options
| author | Deven Bowers <deven.desai@linux.microsoft.com> | 2024-08-02 23:08:24 -0700 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2024-08-20 14:02:27 -0400 |
| commit | a68916eaedcd01f254ac4c09ca12b5065d710fd0 (patch) | |
| tree | 4d9f82724404cf29cbfaa9150f439e1e3b2933d4 /include/linux/lsm_hooks.h | |
| parent | f44554b5067b36c14cc91ed811fa1bd58baed34a (diff) | |
ipe: add permissive toggle
IPE, like SELinux, supports a permissive mode. This mode allows policy
authors to test and evaluate IPE policy without it affecting their
programs. When the mode is changed, a 1404 AUDIT_MAC_STATUS will
be reported.
This patch adds the following audit records:
audit: MAC_STATUS enforcing=0 old_enforcing=1 auid=4294967295
ses=4294967295 enabled=1 old-enabled=1 lsm=ipe res=1
audit: MAC_STATUS enforcing=1 old_enforcing=0 auid=4294967295
ses=4294967295 enabled=1 old-enabled=1 lsm=ipe res=1
The audit record only emit when the value from the user input is
different from the current enforce value.
Signed-off-by: Deven Bowers <deven.desai@linux.microsoft.com>
Signed-off-by: Fan Wu <wufan@linux.microsoft.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'include/linux/lsm_hooks.h')
0 files changed, 0 insertions, 0 deletions