]> www.infradead.org Git - users/jedix/linux-maple.git/commit
projects / users / jedix / linux-maple.git / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: 20fd295) | patch
landlock: Log TCP bind and connect denials
authorMickaël Salaün <mic@digikod.net>
Thu, 20 Mar 2025 19:07:04 +0000 (20:07 +0100)
committerMickaël Salaün <mic@digikod.net>
Wed, 26 Mar 2025 12:59:41 +0000 (13:59 +0100)
commit9f74411a40cecc6faca2a3e3bbb7c1834276d4a2
tree2f4105bc61e4a195cf3e919b874784b97fe05c2ftree
parent20fd2954945458c1b04060d1ce6320f897b3a701commit | diff
landlock: Log TCP bind and connect denials

Add audit support to socket_bind and socket_connect hooks.

The related blockers are:
- net.bind_tcp
- net.connect_tcp

Audit event sample:

  type=LANDLOCK_DENY msg=audit(1729738800.349:44): domain=195ba459b blockers=net.connect_tcp daddr=127.0.0.1 dest=80

Cc: Günther Noack <gnoack@google.com>
Cc: Konstantin Meskhidze <konstantin.meskhidze@huawei.com>
Cc: Mikhail Ivanov <ivanov.mikhail1@huawei-partners.com>
Link: https://lore.kernel.org/r/20250320190717.2287696-16-mic@digikod.net
Signed-off-by: Mickaël Salaün <mic@digikod.net>
security/landlock/audit.c diff | blob | history
security/landlock/audit.h diff | blob | history
security/landlock/net.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.