linux/kernel
Steve Grubb 6a01b07fae [PATCH] audit config lockdown
The following patch adds a new mode to the audit system. It uses the
audit_enabled config option to introduce the idea of audit enabled, but
configuration is immutable. Any attempt to change the configuration
while in this mode is audited. To change the audit rules, you'd need to
reboot the machine.

To use this option, you'd need a modified version of auditctl and use "-e 2".
This is intended to go at the end of the audit.rules file for people that
want an immutable configuration.

This patch also adds "res=" to a number of configuration commands that did not
have it before.

Signed-off-by: Steve Grubb <sgrubb@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2007-02-17 21:30:12 -05:00
irq [PATCH] small irq management simplification 2007-02-16 08:14:00 -08:00
power [PATCH] swsusp: Change pm_ops handling by userland interface 2007-02-11 10:51:20 -08:00
time [PATCH] Add debugging feature /proc/timer_list 2007-02-16 08:13:59 -08:00
.gitignore gitignore: ignore more generated files 2006-01-03 11:35:26 +01:00
acct.c [PATCH] kernel: change uses of f_{dentry, vfsmnt} to use f_path 2006-12-08 08:28:42 -08:00
audit.c [PATCH] audit config lockdown 2007-02-17 21:30:12 -05:00
audit.h [PATCH] audit: AUDIT_PERM support 2006-09-11 13:32:30 -04:00
auditfilter.c [PATCH] minor update to rule add/delete messages (ver 2) 2007-02-17 21:30:09 -05:00
auditsc.c [PATCH] struct path: convert kernel 2006-12-08 08:28:46 -08:00
capability.c [PATCH] pid: replace do/while_each_task_pid with do/while_each_pid_task 2007-02-12 09:48:32 -08:00
compat.c [PATCH] Common compat_sys_sysinfo 2007-02-11 10:51:32 -08:00
configs.c [PATCH] struct seq_operations and struct file_operations constification 2006-12-07 08:39:46 -08:00
cpu.c [PATCH] swsusp: Change code ordering in disk.c 2007-02-11 10:51:19 -08:00
cpuset.c [PATCH] mark struct inode_operations const 2 2007-02-12 09:48:46 -08:00
delayacct.c [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
dma.c [PATCH] struct seq_operations and struct file_operations constification 2006-12-07 08:39:46 -08:00
exec_domain.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
exit.c [PATCH] pid: replace is_orphaned_pgrp with is_current_pgrp_orphaned 2007-02-12 09:48:32 -08:00
extable.c [PATCH] symbol_put_addr() locks kernel 2006-05-15 11:20:55 -07:00
fork.c [PATCH] hrtimers: namespace and enum cleanup 2007-02-16 08:13:58 -08:00
futex_compat.c [PATCH] __user annotations: futex 2006-10-10 15:37:22 -07:00
futex.c [PATCH] hrtimers: namespace and enum cleanup 2007-02-16 08:13:58 -08:00
hrtimer.c [PATCH] Add debugging feature /proc/timer_stat 2007-02-16 08:13:59 -08:00
itimer.c [PATCH] hrtimers: prevent possible itimer DoS 2007-02-16 08:13:59 -08:00
kallsyms.c [PATCH] move kallsyms data to .rodata 2006-12-08 08:28:37 -08:00
Kconfig.hz [PATCH] HZ: 300Hz support 2006-12-07 08:39:36 -08:00
Kconfig.preempt [PATCH] sched: voluntary kernel preemption 2005-06-25 16:24:45 -07:00
kexec.c Merge branch 'release' of master.kernel.org:/pub/scm/linux/kernel/git/aegl/linux-2.6 2006-12-07 15:39:22 -08:00
kfifo.c [PATCH] Numerous fixes to kernel-doc info in source files. 2007-02-11 10:51:32 -08:00
kmod.c [PATCH] x86-64: Allow to run a program when a machine check event is detected 2007-02-13 13:26:23 +01:00
kprobes.c [PATCH] kprobes: replace magic numbers with enum 2007-01-30 16:01:35 -08:00
ksysfs.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
kthread.c [PATCH] Numerous fixes to kernel-doc info in source files. 2007-02-11 10:51:32 -08:00
latency.c [PATCH] severing module.h->sched.h 2006-12-04 02:00:22 -05:00
lockdep_internals.h [PATCH] lockdep: more chains 2006-12-07 08:39:43 -08:00
lockdep_proc.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
lockdep.c [PATCH] lockdep: add graph depth information to /proc/lockdep 2007-02-11 10:51:26 -08:00
Makefile [PATCH] sysctl: move utsname sysctls to their own file 2007-02-14 08:09:58 -08:00
module.c /sys/modules/*/holders 2007-02-07 10:37:12 -08:00
mutex-debug.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
mutex-debug.h [PATCH] lockdep: better lock debugging 2006-07-03 15:27:01 -07:00
mutex.c [PATCH] lockdep: avoid lockdep warning in md 2006-12-08 08:28:39 -08:00
mutex.h [PATCH] lockdep: prove mutex locking correctness 2006-07-03 15:27:04 -07:00
nsproxy.c Revert "[PATCH] namespaces: fix exit race by splitting exit" 2007-01-30 13:35:18 -08:00
panic.c [PATCH] Add TAINT_USER and ability to set taint flags from userspace 2007-02-11 10:51:29 -08:00
params.c /sys/modules/*/holders 2007-02-07 10:37:12 -08:00
pid.c [PATCH] namespaces: fix task exit disaster 2007-01-30 13:40:36 -08:00
posix-cpu-timers.c [PATCH] posix timers: RCU optimization for clock_gettime() 2007-02-16 08:14:00 -08:00
posix-timers.c [PATCH] hrtimers: add high resolution timer support 2007-02-16 08:13:59 -08:00
printk.c [PATCH] order of lockdep off/on in vprintk() should be changed 2007-02-11 11:18:06 -08:00
profile.c [PATCH] proc: remove useless (and buggy) ->nlink settings 2007-02-11 10:51:32 -08:00
ptrace.c [PATCH] pidspace: is_init() 2006-09-29 09:18:12 -07:00
rcupdate.c [PATCH] rcu: add a prefetch() in rcu_do_batch() 2006-12-07 08:39:40 -08:00
rcutorture.c [PATCH] rcu: rcutorture suspend fix 2006-12-30 10:55:55 -08:00
relay.c [PATCH] Numerous fixes to kernel-doc info in source files. 2007-02-11 10:51:32 -08:00
resource.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
rtmutex_common.h [PATCH] pi-futex: futex_lock_pi/futex_unlock_pi support 2006-06-27 17:32:47 -07:00
rtmutex-debug.c Remove all inclusions of <linux/config.h> 2006-10-04 03:38:54 -04:00
rtmutex-debug.h [PATCH] lockdep: better lock debugging 2006-07-03 15:27:01 -07:00
rtmutex-tester.c [PATCH] Add include/linux/freezer.h and move definitions from sched.h 2006-12-07 08:39:27 -08:00
rtmutex.c [PATCH] hrtimers: namespace and enum cleanup 2007-02-16 08:13:58 -08:00
rtmutex.h [PATCH] lockdep: better lock debugging 2006-07-03 15:27:01 -07:00
rwsem.c [PATCH] lockdep: prove rwsem locking correctness 2006-07-03 15:27:04 -07:00
sched.c [PATCH] i386: paravirt CPU hypercall batching mode 2007-02-13 13:26:21 +01:00
seccomp.c
signal.c [PATCH] hrtimers: prevent possible itimer DoS 2007-02-16 08:13:59 -08:00
softirq.c [PATCH] tick-management: dyntick / highres functionality 2007-02-16 08:13:59 -08:00
softlockup.c [PATCH] check return value of cpu_callback 2006-09-29 09:18:14 -07:00
spinlock.c [PATCH] lockdep: spin_lock_irqsave_nested() 2006-11-25 13:28:34 -08:00
srcu.c [PATCH] SRCU: report out-of-memory errors 2006-10-04 07:55:30 -07:00
stacktrace.c [PATCH] lockdep: stacktrace subsystem, core 2006-07-03 15:27:02 -07:00
stop_machine.c [PATCH] stop_machine.c copyright 2006-09-29 09:18:24 -07:00
sys_ni.c [PATCH] Create compat_sys_migrate_pages 2006-11-03 12:27:59 -08:00
sys.c [PATCH] pid: replace do/while_each_task_pid with do/while_each_pid_task 2007-02-12 09:48:32 -08:00
sysctl.c [PATCH] sysctl: add a parent entry to ctl_table and set the parent entry 2007-02-14 08:10:00 -08:00
taskstats.c [PATCH] taskstats: cleanup reply assembling 2006-12-07 08:39:34 -08:00
time.c [PATCH] Fix multiple conversion bugs in msecs_to_jiffies 2007-02-16 08:13:56 -08:00
timer.c [PATCH] generic: vsyscall-gtod support for GENERIC_TIME 2007-02-16 08:14:00 -08:00
tsacct.c [PATCH] time: x86_64: split x86_64/kernel/time.c up 2007-02-16 08:14:00 -08:00
uid16.c [PATCH] Add more prevent_tail_call() 2006-04-19 16:27:18 -07:00
user.c [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
utsname_sysctl.c [PATCH] sysctl: remove insert_at_head from register_sysctl 2007-02-14 08:09:59 -08:00
utsname.c [PATCH] namespaces: utsname: implement CLONE_NEWUTS flag 2006-10-02 07:57:22 -07:00
wait.c [PATCH] uninline init_waitqueue_head() 2006-07-10 13:24:25 -07:00
workqueue.c [PATCH] Add debugging feature /proc/timer_stat 2007-02-16 08:13:59 -08:00