Home
last modified time | relevance | path

Searched refs:audit (Results 1 – 25 of 58) sorted by relevance

123

/linux/tools/perf/scripts/python/Perf-Trace-Util/lib/Perf/Trace/
H A DUtil.py54 import audit
56 'x86_64': audit.MACH_86_64,
57 'aarch64': audit.MACH_AARCH64,
58 'alpha' : audit.MACH_ALPHA,
59 'ia64' : audit.MACH_IA64,
60 'ppc' : audit.MACH_PPC,
61 'ppc64' : audit.MACH_PPC64,
62 'ppc64le' : audit.MACH_PPC64LE,
63 's390' : audit.MACH_S390,
64 's390x' : audit.MACH_S390X,
[all …]
/linux/Documentation/ABI/stable/
H A Dprocfs-audit_loginuid3 KernelVersion: 2.6.11-rc2 1e2d1492e178 ("[PATCH] audit: handle loginuid through proc")
4 Contact: linux-audit@redhat.com
5 Users: audit and login applications
8 read to get the audit login UID of process $pid as a
20 Contact: linux-audit@redhat.com
21 Users: audit and login applications
24 audit login session ID of process $pid as a decimal
/linux/arch/x86/ia32/
H A DMakefile6 audit-class-$(CONFIG_AUDIT) := audit.o
7 obj-$(CONFIG_IA32_EMULATION) += $(audit-class-y)
/linux/security/apparmor/
H A Ddomain.c295 perms->audit = perms->quiet = perms->kill = 0; in change_profile_perms()
688 goto audit; in profile_transition()
703 perms.audit |= MAY_EXEC; in profile_transition()
731 perms.audit |= MAY_EXEC; in profile_transition()
733 goto audit; in profile_transition()
767 goto audit; in profile_transition()
780 audit: in profile_transition()
828 goto audit; in profile_onexec()
835 goto audit; in profile_onexec()
846 goto audit; in profile_onexec()
[all …]
H A Dmount.c145 u32 mask = perms->audit; in audit_mount()
179 if (data && (perms->audit & AA_AUDIT_DATA)) in audit_mount()
327 goto audit; in match_mnt_path_str()
332 goto audit; in match_mnt_path_str()
341 goto audit; in match_mnt_path_str()
345 audit: in match_mnt_path_str()
620 goto audit; in profile_umount()
629 audit: in profile_umount()
687 goto audit; in build_pivotroot()
692 goto audit; in build_pivotroot()
[all …]
H A Dfile.c116 u32 mask = perms->audit; in aa_audit_file()
342 goto audit; in profile_path_link()
349 goto audit; in profile_path_link()
358 goto audit; in profile_path_link()
367 lperms.audit = perms.audit; in profile_path_link()
374 goto audit; in profile_path_link()
393 goto audit; in profile_path_link()
399 goto audit; in profile_path_link()
405 audit: in profile_path_link()
H A Dpolicy_compat.c118 perms.audit = map_old_perms(dfa_user_audit(dfa, state)); in compute_fperms_user()
133 perms.audit = map_old_perms(dfa_other_audit(dfa, state)); in compute_fperms_other()
217 perms.audit = dfa_user_audit(dfa, state); in compute_perms_entry()
241 perms.audit |= map_other(dfa_other_audit(dfa, state)); in compute_perms_entry()
271 table[state].prompt, table[state].audit, in compute_perms()
H A Dlib.c367 perms->audit = ALL_PERMS_MASK; in aa_apply_modes_to_perms()
373 perms->audit = 0; in aa_apply_modes_to_perms()
429 request &= perms->audit; in aa_check_perms()
H A DMakefile6 apparmor-y := apparmorfs.o audit.o capability.o task.o ipc.o lib.o match.o \
/linux/security/landlock/
H A Dtask.c113 .audit = { in hook_ptrace_access_check()
159 .audit = { in hook_ptrace_traceme()
286 .audit = { in hook_unix_stream_connect()
323 .audit = { in hook_unix_may_send()
381 .audit = { in hook_task_kill()
422 .audit = { in hook_file_send_sigiotask()
H A Dfs.c928 log_request_parent1->audit.type = LSM_AUDIT_DATA_PATH; in is_access_to_paths_allowed()
929 log_request_parent1->audit.u.path = *path; in is_access_to_paths_allowed()
936 log_request_parent2->audit.type = LSM_AUDIT_DATA_PATH; in is_access_to_paths_allowed()
937 log_request_parent2->audit.u.path = *path; in is_access_to_paths_allowed()
1224 request1.audit.u.path.dentry = old_parent; in current_check_refer_path()
1228 request2.audit.u.path.dentry = new_dir->dentry; in current_check_refer_path()
1380 .audit = { in log_fs_change_topology_path()
1394 .audit = { in log_fs_change_topology_dentry()
1699 .audit = { in hook_file_truncate()
1735 .audit = { in hook_file_ioctl_common()
H A Dnet.c204 .audit.type = LSM_AUDIT_DATA_NET, in current_check_access_socket()
205 .audit.u.net = &audit_net, in current_check_access_socket()
/linux/security/integrity/
H A Dintegrity_audit.c20 unsigned long audit; in integrity_audit_setup() local
22 if (!kstrtoul(str, 0, &audit)) in integrity_audit_setup()
23 integrity_audit_info = audit ? 1 : 0; in integrity_audit_setup()
/linux/security/apparmor/include/
H A Dperms.h80 u32 audit; /* set only when allow is set */ member
112 accum->audit |= addend->audit & addend->allow; in aa_perms_accum_raw()
139 accum->audit |= addend->audit & accum->allow; in aa_perms_accum()
H A Dcapability.h30 kernel_cap_t audit; member
H A Dpolicy.h265 enum audit_mode audit; member
437 return profile->audit; in AUDIT_MODE()
/linux/security/tomoyo/
H A DKconfig30 int "Default maximal count for audit log"
36 audit logs that the kernel can hold on memory.
37 You can read the log via /sys/kernel/security/tomoyo/audit.
38 If you don't need audit logs, you may set this value to 0.
H A DMakefile4 obj-y = audit.o common.o condition.o domain.o environ.o file.o gc.o group.o load_policy.o memory.o mount.o network.o realpath.o securityfs_if.o tomoyo.o util.o
/linux/tools/testing/selftests/landlock/
H A Dptrace_test.c312 FIXTURE(audit) in FIXTURE() argument
318 FIXTURE_SETUP(audit) in FIXTURE_SETUP() argument
327 FIXTURE_TEARDOWN_PARENT(audit) in FIXTURE_TEARDOWN_PARENT() argument
333 TEST_F(audit, trace) in TEST_F() argument
H A Daudit_test.c41 FIXTURE(audit) in FIXTURE() argument
47 FIXTURE_SETUP(audit) in FIXTURE_SETUP() argument
66 FIXTURE_TEARDOWN(audit) in FIXTURE_TEARDOWN() argument
73 TEST_F(audit, layers) in TEST_F() argument
219 TEST_F(audit, thread) in TEST_F() argument
H A Dnet_test.c1922 FIXTURE(audit) in FIXTURE() argument
1929 FIXTURE_VARIANT(audit) in FIXTURE_VARIANT() argument
1936 FIXTURE_VARIANT_ADD(audit, ipv4) { in FIXTURE_VARIANT_ADD() argument
1946 FIXTURE_VARIANT_ADD(audit, ipv6) { in FIXTURE_VARIANT_ADD() argument
1955 FIXTURE_SETUP(audit) in FIXTURE_SETUP() argument
1966 FIXTURE_TEARDOWN(audit) in FIXTURE_TEARDOWN() argument
1973 TEST_F(audit, bind) in TEST_F() argument
2001 TEST_F(audit, connect) in TEST_F() argument
/linux/Documentation/admin-guide/LSM/
H A Dipe.rst132 generates audit logs which may be utilized to detect and analyze failures
350 …type=1420 audit(1653364370.067:61): ipe_op=EXECUTE ipe_hook=MMAP enforcing=1 pid=2241 comm="ld-lin…
351 …type=1300 audit(1653364370.067:61): SYSCALL arch=c000003e syscall=9 success=no exit=-13 a0=7f1105a…
352 type=1327 audit(1653364370.067:61): 707974686F6E3300746573742F6D61696E2E7079002D6E00
354 …type=1420 audit(1653364735.161:64): ipe_op=EXECUTE ipe_hook=MMAP enforcing=1 pid=2472 comm="mmap_t…
355 …type=1300 audit(1653364735.161:64): SYSCALL arch=c000003e syscall=9 success=no exit=-13 a0=0 a1=10…
356 type=1327 audit(1653364735.161:64): 707974686F6E3300746573742F6D61696E2E7079002D6E00
395 …type=1421 audit(1653425583.136:54): old_active_pol_name="Allow_All" old_active_pol_version=0.0.0 o…
396 …type=1300 audit(1653425583.136:54): SYSCALL arch=c000003e syscall=1 success=yes exit=2 a0=3 a1=559…
397 …type=1327 audit(1653425583.136:54): PROCTITLE proctitle=707974686F6E3300746573742F6D61696E2E707900…
[all …]
/linux/tools/perf/Documentation/
H A Dsecurity.txt140 monitoring and observability operations. Inspect system audit records for
155 audit records using journalctl command or /var/log/audit/audit.log so the
163audit[1318098]: AVC avc: denied { open } for pid=1318098 comm="perf" scontext=unconfined_u:unco…
168 be generated using the system audit records about blocking perf_event access.
/linux/drivers/comedi/
H A DTODO5 - audit userspace interface
/linux/security/ipe/
H A DMakefile26 audit.o \

123