Home
last modified time | relevance | path

Searched refs:audit (Results 1 – 48 of 48) sorted by relevance

/linux-4.4.14/tools/perf/scripts/python/Perf-Trace-Util/lib/Perf/Trace/
DUtil.py53 import audit
55 'x86_64': audit.MACH_86_64,
56 'alpha' : audit.MACH_ALPHA,
57 'ia64' : audit.MACH_IA64,
58 'ppc' : audit.MACH_PPC,
59 'ppc64' : audit.MACH_PPC64,
60 's390' : audit.MACH_S390,
61 's390x' : audit.MACH_S390X,
62 'i386' : audit.MACH_X86,
63 'i586' : audit.MACH_X86,
[all …]
/linux-4.4.14/security/apparmor/
Ddomain.c106 perms.audit = perms.quiet = perms.kill = 0; in change_profile_perms()
374 goto audit; in apparmor_bprm_set_creds()
403 goto audit; in apparmor_bprm_set_creds()
415 goto audit; in apparmor_bprm_set_creds()
468 goto audit; in apparmor_bprm_set_creds()
479 goto audit; in apparmor_bprm_set_creds()
513 audit: in apparmor_bprm_set_creds()
632 goto audit; in aa_change_hat()
675 goto audit; in aa_change_hat()
683 goto audit; in aa_change_hat()
[all …]
Dfile.c124 u32 mask = perms->audit; in aa_audit_file()
208 perms.audit = map_old_perms(dfa_user_audit(dfa, state)); in compute_perms()
213 perms.audit = map_old_perms(dfa_other_audit(dfa, state)); in compute_perms()
370 goto audit; in aa_path_link()
376 goto audit; in aa_path_link()
384 goto audit; in aa_path_link()
393 lperms.audit = perms.audit; in aa_path_link()
399 goto audit; in aa_path_link()
418 goto audit; in aa_path_link()
424 goto audit; in aa_path_link()
[all …]
Dcapability.c80 !cap_raised(profile->caps.audit, cap))) in audit_caps()
132 int aa_capable(struct aa_profile *profile, int cap, int audit) in aa_capable() argument
136 if (!audit) { in aa_capable()
DMakefile5 apparmor-y := apparmorfs.o audit.o capability.o context.o ipc.o lib.o match.o \
Dpolicy_unpack.c531 profile->audit = AUDIT_ALL; in unpack_profile()
545 if (!unpack_u32(e, &(profile->caps.audit.cap[0]), NULL)) in unpack_profile()
556 if (!unpack_u32(e, &(profile->caps.audit.cap[1]), NULL)) in unpack_profile()
Dlsm.c132 int cap, int audit) in apparmor_capable() argument
139 error = aa_capable(profile, cap, audit); in apparmor_capable()
701 module_param_call(audit, param_set_audit, param_get_audit,
/linux-4.4.14/arch/x86/ia32/
DMakefile9 audit-class-$(CONFIG_AUDIT) := audit.o
10 obj-$(CONFIG_IA32_EMULATION) += $(audit-class-y)
/linux-4.4.14/security/integrity/
Dintegrity_audit.c23 unsigned long audit; in integrity_audit_setup() local
25 if (!kstrtoul(str, 0, &audit)) in integrity_audit_setup()
26 integrity_audit_info = audit ? 1 : 0; in integrity_audit_setup()
DKconfig11 extension and audit measurement log support.
/linux-4.4.14/Documentation/DocBook/
Dkernel-api.xml.db559 API-audit-log-start
560 API-audit-log-format
561 API-audit-log-end
562 API-audit-log
563 API-audit-log-secctx
564 API-audit-alloc
565 API---audit-free
566 API---audit-syscall-entry
567 API---audit-syscall-exit
568 API---audit-reusename
[all …]
D.kernel-api.xml.cmd2 …scan.c drivers/firmware/edd.c security/security.c security/inode.c kernel/audit.c kernel/auditsc.c…
/linux-4.4.14/security/apparmor/include/
Dcapability.h33 kernel_cap_t audit; member
41 int aa_capable(struct aa_profile *profile, int cap, int audit);
Dfile.h89 u32 audit; member
97 #define COMBINED_PERM_MASK(X) ((X).allow | (X).audit | (X).quiet | (X).kill)
Dpolicy.h211 enum audit_mode audit; member
403 return profile->audit; in AUDIT_MODE()
/linux-4.4.14/security/tomoyo/
DKconfig31 int "Default maximal count for audit log"
37 audit logs that the kernel can hold on memory.
38 You can read the log via /sys/kernel/security/tomoyo/audit.
39 If you don't need audit logs, you may set this value to 0.
DMakefile1 obj-y = audit.o common.o condition.o domain.o environ.o file.o gc.o group.o load_policy.o memory.o …
/linux-4.4.14/arch/sparc/kernel/
DMakefile112 obj-$(CONFIG_AUDIT) += audit.o
113 audit--$(CONFIG_AUDIT) := compat_audit.o
114 obj-$(CONFIG_COMPAT) += $(audit--y)
/linux-4.4.14/drivers/staging/comedi/
DTODO5 - audit userspace interface
/linux-4.4.14/arch/parisc/kernel/
DMakefile32 obj-$(CONFIG_AUDIT) += audit.o
/linux-4.4.14/arch/s390/kernel/
DMakefile55 obj-$(CONFIG_AUDIT) += audit.o
/linux-4.4.14/arch/ia64/kernel/
DMakefile32 obj-$(CONFIG_AUDIT) += audit.o
/linux-4.4.14/drivers/staging/android/
DTODO6 - audit userspace interfaces to make sure they are sane
/linux-4.4.14/include/net/iucv/
Diucv.h116 u32 audit; member
/linux-4.4.14/Documentation/ABI/testing/
Dima_policy20 action: measure | dont_measure | appraise | dont_appraise | audit
/linux-4.4.14/kernel/
DMakefile67 obj-$(CONFIG_AUDIT) += audit.o auditfilter.o
/linux-4.4.14/arch/alpha/kernel/
DMakefile20 obj-$(CONFIG_AUDIT) += audit.o
/linux-4.4.14/security/integrity/ima/
DKconfig81 list, integrity appraisal and audit log. The compiled default
/linux-4.4.14/arch/powerpc/kernel/
DMakefile113 obj-$(CONFIG_AUDIT) += audit.o
/linux-4.4.14/include/scsi/
Dosd_protocol.h561 /*10*/ u8 audit[20]; member
/linux-4.4.14/Documentation/RCU/
DlistRCU.txt49 you are turning auditing off, it is OK to audit a few extra system calls.
237 If the system-call audit module were to ever need to reject stale data,
/linux-4.4.14/lib/
DMakefile114 obj-$(CONFIG_AUDIT_GENERIC) += audit.o
/linux-4.4.14/tools/perf/
Dbuiltin-trace.c1405 } audit; member
1687 const char *name = audit_syscall_to_name(id, trace->audit.machine); in trace__read_syscall_info()
1758 int id = audit_name_to_syscall(sc, trace->audit.machine); in trace__validate_ev_qualifier()
2040 if (id == trace->audit.open_id && ret >= 0 && ttrace->filename.pending_open) { in trace__sys_exit()
3026 .audit = { in cmd_trace()
3028 .open_id = audit_name_to_syscall("open", trace.audit.machine), in cmd_trace()
/linux-4.4.14/Documentation/virtual/kvm/
Dlocking.txt123 fast page fault path, in order to easily audit the path, we see if TLBs need
/linux-4.4.14/security/
Dcommoncap.c72 int cap, int audit) in cap_capable() argument
/linux-4.4.14/net/iucv/
Diucv.c1101 msg->audit = (*(u32 *) &parm->purge.ipaudit) >> 8; in iucv_message_purge()
1680 msg.audit = imc->ipaudit; in iucv_message_complete()
/linux-4.4.14/include/linux/
Dlsm_hooks.h1323 int cap, int audit);
Dsecurity.h71 int cap, int audit);
/linux-4.4.14/tools/perf/config/
DMakefile391 …msg := $(warning No libaudit.h found, disables 'trace' tool, please install audit-libs-devel or li…
/linux-4.4.14/Documentation/
Dadding-syscalls.txt433 The audit subsystem is one such special case; it includes (arch-specific)
437 one of these, then the audit system should be updated.
Dkernel-parameters.txt514 audit= [KNL] Enable the audit sub-system
516 0 - kernel audit is disabled and can not be enabled
518 unset - kernel audit is initialized but disabled and
520 1 - kernel audit is initialized and partially enabled,
526 audit_backlog_limit= [KNL] Set the audit queue size limit.
1758 kvm.mmu_audit= [KVM] This is a R/W parameter which allows audit
Ddevices.txt1799 0 = /dev/audit Audit device
/linux-4.4.14/drivers/scsi/bfa/
Dbfa_defs_svc.h1446 struct bfa_audit_aen_data_s audit; member
Dbfa_ioc.c4212 aen_entry->aen_data.audit.pwwn = ioc->attr->pwwn; in bfa_flash_aen_audit_post()
4213 aen_entry->aen_data.audit.partition_inst = inst; in bfa_flash_aen_audit_post()
4214 aen_entry->aen_data.audit.partition_type = type; in bfa_flash_aen_audit_post()
/linux-4.4.14/include/uapi/linux/
DKbuild61 header-y += audit.h
/linux-4.4.14/security/selinux/
Dhooks.c1564 int cap, int audit) in cred_has_capability() argument
1591 if (audit == SECURITY_CAP_AUDIT) { in cred_has_capability()
2080 int cap, int audit) in selinux_capable() argument
2082 return cred_has_capability(cred, cap, audit); in selinux_capable()
/linux-4.4.14/net/netfilter/
DKconfig628 audit records for packets dropped/accepted.
/linux-4.4.14/
DMAINTAINERS2024 L: linux-audit@redhat.com (moderated for non-subscribers)
2025 W: http://people.redhat.com/sgrubb/audit/
2026 T: git git://git.infradead.org/users/pcmoore/audit
2028 F: include/linux/audit.h
2029 F: include/uapi/linux/audit.h
2030 F: kernel/audit*