Home
last modified time | relevance | path

Searched refs:audit (Results 1 – 25 of 60) sorted by relevance

123

/linux/tools/perf/scripts/python/Perf-Trace-Util/lib/Perf/Trace/
H A DUtil.py54 import audit
56 'x86_64': audit.MACH_86_64,
57 'aarch64': audit.MACH_AARCH64,
58 'alpha' : audit.MACH_ALPHA,
59 'ia64' : audit.MACH_IA64,
60 'ppc' : audit.MACH_PPC,
61 'ppc64' : audit.MACH_PPC64,
62 'ppc64le' : audit.MACH_PPC64LE,
63 's390' : audit.MACH_S390,
64 's390x' : audit.MACH_S390X,
[all …]
/linux/Documentation/ABI/stable/
H A Dprocfs-audit_loginuid3 KernelVersion: 2.6.11-rc2 1e2d1492e178 ("[PATCH] audit: handle loginuid through proc")
4 Contact: linux-audit@redhat.com
5 Users: audit and login applications
8 read to get the audit login UID of process $pid as a
20 Contact: linux-audit@redhat.com
21 Users: audit and login applications
24 audit login session ID of process $pid as a decimal
/linux/arch/x86/ia32/
H A DMakefile6 audit-class-$(CONFIG_AUDIT) := audit.o
7 obj-$(CONFIG_IA32_EMULATION) += $(audit-class-y)
/linux/security/apparmor/
H A Ddomain.c295 perms->audit = perms->quiet = perms->kill = 0; in change_profile_perms()
688 goto audit; in profile_transition()
703 perms.audit |= MAY_EXEC; in profile_transition()
731 perms.audit |= MAY_EXEC; in profile_transition()
733 goto audit; in profile_transition()
767 goto audit; in profile_transition()
780 audit: in profile_transition()
828 goto audit; in profile_onexec()
835 goto audit; in profile_onexec()
846 goto audit; in profile_onexec()
[all …]
H A Dmount.c145 u32 mask = perms->audit; in audit_mount()
179 if (data && (perms->audit & AA_AUDIT_DATA)) in audit_mount()
327 goto audit; in match_mnt_path_str()
332 goto audit; in match_mnt_path_str()
341 goto audit; in match_mnt_path_str()
345 audit: in match_mnt_path_str()
620 goto audit; in profile_umount()
629 audit: in profile_umount()
687 goto audit; in build_pivotroot()
692 goto audit; in build_pivotroot()
[all …]
H A Dfile.c115 u32 mask = perms->audit; in aa_audit_file()
337 goto audit; in profile_path_link()
344 goto audit; in profile_path_link()
353 goto audit; in profile_path_link()
362 lperms.audit = perms.audit; in profile_path_link()
369 goto audit; in profile_path_link()
388 goto audit; in profile_path_link()
394 goto audit; in profile_path_link()
400 audit: in profile_path_link()
H A Dpolicy_compat.c118 perms.audit = map_old_perms(dfa_user_audit(dfa, state)); in compute_fperms_user()
133 perms.audit = map_old_perms(dfa_other_audit(dfa, state)); in compute_fperms_other()
217 perms.audit = dfa_user_audit(dfa, state); in compute_perms_entry()
241 perms.audit |= map_other(dfa_other_audit(dfa, state)); in compute_perms_entry()
H A Dlib.c365 perms->audit = ALL_PERMS_MASK; in aa_apply_modes_to_perms()
371 perms->audit = 0; in aa_apply_modes_to_perms()
427 request &= perms->audit; in aa_check_perms()
H A DMakefile6 apparmor-y := apparmorfs.o audit.o capability.o task.o ipc.o lib.o match.o \
/linux/security/integrity/
H A Dintegrity_audit.c20 unsigned long audit; in integrity_audit_setup() local
22 if (!kstrtoul(str, 0, &audit)) in integrity_audit_setup()
23 integrity_audit_info = audit ? 1 : 0; in integrity_audit_setup()
/linux/security/apparmor/include/
H A Dperms.h80 u32 audit; /* set only when allow is set */ member
112 accum->audit |= addend->audit & addend->allow; in aa_perms_accum_raw()
139 accum->audit |= addend->audit & accum->allow; in aa_perms_accum()
H A Dcapability.h30 kernel_cap_t audit; member
H A Dpolicy.h241 enum audit_mode audit; member
413 return profile->audit; in AUDIT_MODE()
H A Dfile.h72 #define COMBINED_PERM_MASK(X) ((X).allow | (X).audit | (X).quiet | (X).kill)
/linux/security/tomoyo/
H A DKconfig30 int "Default maximal count for audit log"
36 audit logs that the kernel can hold on memory.
37 You can read the log via /sys/kernel/security/tomoyo/audit.
38 If you don't need audit logs, you may set this value to 0.
H A DMakefile2 obj-y = audit.o common.o condition.o domain.o environ.o file.o gc.o group.o load_policy.o memory.o …
/linux/Documentation/admin-guide/LSM/
H A Dipe.rst132 generates audit logs which may be utilized to detect and analyze failures
350 …type=1420 audit(1653364370.067:61): ipe_op=EXECUTE ipe_hook=MMAP enforcing=1 pid=2241 comm="ld-lin…
351 …type=1300 audit(1653364370.067:61): SYSCALL arch=c000003e syscall=9 success=no exit=-13 a0=7f1105a…
352 type=1327 audit(1653364370.067:61): 707974686F6E3300746573742F6D61696E2E7079002D6E00
354 …type=1420 audit(1653364735.161:64): ipe_op=EXECUTE ipe_hook=MMAP enforcing=1 pid=2472 comm="mmap_t…
355 …type=1300 audit(1653364735.161:64): SYSCALL arch=c000003e syscall=9 success=no exit=-13 a0=0 a1=10…
356 type=1327 audit(1653364735.161:64): 707974686F6E3300746573742F6D61696E2E7079002D6E00
395 …type=1421 audit(1653425583.136:54): old_active_pol_name="Allow_All" old_active_pol_version=0.0.0 o…
396 …type=1300 audit(1653425583.136:54): SYSCALL arch=c000003e syscall=1 success=yes exit=2 a0=3 a1=559…
397 …type=1327 audit(1653425583.136:54): PROCTITLE proctitle=707974686F6E3300746573742F6D61696E2E707900…
[all …]
/linux/tools/perf/Documentation/
H A Dsecurity.txt140 monitoring and observability operations. Inspect system audit records for
155 audit records using journalctl command or /var/log/audit/audit.log so the
163audit[1318098]: AVC avc: denied { open } for pid=1318098 comm="perf" scontext=unconfined_u:unco…
168 be generated using the system audit records about blocking perf_event access.
/linux/security/landlock/
H A Dfs.c944 log_request_parent1->audit.type = LSM_AUDIT_DATA_PATH; in is_access_to_paths_allowed()
945 log_request_parent1->audit.u.path = *path; in is_access_to_paths_allowed()
954 log_request_parent2->audit.type = LSM_AUDIT_DATA_PATH; in is_access_to_paths_allowed()
955 log_request_parent2->audit.u.path = *path; in is_access_to_paths_allowed()
1244 request1.audit.u.path.dentry = old_parent; in current_check_refer_path()
1248 request2.audit.u.path.dentry = new_dir->dentry; in current_check_refer_path()
1399 .audit = { in log_fs_change_topology_path()
1413 .audit = { in log_fs_change_topology_dentry()
1725 .audit = { in hook_file_truncate()
1761 .audit = { in hook_file_ioctl_common()
H A Dnet.c189 .audit.type = LSM_AUDIT_DATA_NET, in current_check_access_socket()
190 .audit.u.net = &audit_net, in current_check_access_socket()
/linux/tools/testing/selftests/landlock/
H A Daudit_test.c41 FIXTURE(audit) in FIXTURE() argument
47 FIXTURE_SETUP(audit) in FIXTURE_SETUP() argument
66 FIXTURE_TEARDOWN(audit) in FIXTURE_TEARDOWN() argument
73 TEST_F(audit, layers) in TEST_F() argument
219 TEST_F(audit, thread) in TEST_F() argument
H A Dnet_test.c1896 FIXTURE(audit) in FIXTURE() argument
1903 FIXTURE_VARIANT(audit) in FIXTURE_VARIANT() argument
1910 FIXTURE_VARIANT_ADD(audit, ipv4) { in FIXTURE_VARIANT_ADD() argument
1920 FIXTURE_VARIANT_ADD(audit, ipv6) { in FIXTURE_VARIANT_ADD() argument
1929 FIXTURE_SETUP(audit) in FIXTURE_SETUP() argument
1940 FIXTURE_TEARDOWN(audit) in FIXTURE_TEARDOWN() argument
1947 TEST_F(audit, bind) in TEST_F() argument
1975 TEST_F(audit, connect) in TEST_F() argument
/linux/drivers/comedi/
H A DTODO5 - audit userspace interface
/linux/security/ipe/
H A DMakefile26 audit.o \
/linux/tools/perf/
H A Dcommand-list.txt34 perf-trace mainporcelain audit

123