TOMOYO: Allow controlling generation of access granted logs for per an entry basis. Add per-entry flag which controls generation of grant logs because Xen and KVM issues ioctl requests so frequently. For example, file ioctl /dev/null 0x5401 grant_log=no will suppress /sys/kernel/security/tomoyo/audit even if preference says grant_log=yes . Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>

commit: 1f067a682a9bd252107ac6f6946b7332fde42344 [log] [tgz]
author: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Sat Sep 10 15:24:56 2011 +0900
committer: James Morris <jmorris@namei.org> Wed Sep 14 08:27:06 2011 +1000
tree: 379bbbf02f0a802453e585a2a482192409308fbb
parent: 059d84dbb3897d4ee494a9c842c5dda54316cb47 [diff] [blame]
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index 85d9155..2704c38 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c

@@ -1272,6 +1272,10 @@
 		head->r.cond_step++;
 		/* fall through */
 	case 3:
+		if (cond->grant_log != TOMOYO_GRANTLOG_AUTO)
+			tomoyo_io_printf(head, " grant_log=%s",
+					 tomoyo_yesno(cond->grant_log ==
+						      TOMOYO_GRANTLOG_YES));
 		tomoyo_set_lf(head);
 		return true;
 	}
commit	1f067a682a9bd252107ac6f6946b7332fde42344	[log] [tgz]
author	Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>	Sat Sep 10 15:24:56 2011 +0900
committer	James Morris <jmorris@namei.org>	Wed Sep 14 08:27:06 2011 +1000
tree	379bbbf02f0a802453e585a2a482192409308fbb
parent	059d84dbb3897d4ee494a9c842c5dda54316cb47 [diff] [blame]