diff options
author | Stefan Berger <stefanb@linux.vnet.ibm.com> | 2018-06-04 16:54:54 -0400 |
---|---|---|
committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2018-07-18 07:27:22 -0400 |
commit | 2afd020aaeeefacb7711b47e3afb0cfb50db3f13 (patch) | |
tree | bf3a9a541f8598092f8cd7ecbfa93c0f15bc0b22 /security/integrity/integrity.h | |
parent | 3d2859d5d4c33b12327764b887039bca15a37e57 (diff) | |
download | op-kernel-dev-2afd020aaeeefacb7711b47e3afb0cfb50db3f13.zip op-kernel-dev-2afd020aaeeefacb7711b47e3afb0cfb50db3f13.tar.gz |
ima: Do not audit if CONFIG_INTEGRITY_AUDIT is not set
If Integrity is not auditing, IMA shouldn't audit, either.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'security/integrity/integrity.h')
-rw-r--r-- | security/integrity/integrity.h | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h index 0bb372e..e60473b 100644 --- a/security/integrity/integrity.h +++ b/security/integrity/integrity.h @@ -15,6 +15,7 @@ #include <linux/integrity.h> #include <crypto/sha.h> #include <linux/key.h> +#include <linux/audit.h> /* iint action cache flags */ #define IMA_MEASURE 0x00000001 @@ -199,6 +200,13 @@ static inline void evm_load_x509(void) void integrity_audit_msg(int audit_msgno, struct inode *inode, const unsigned char *fname, const char *op, const char *cause, int result, int info); + +static inline struct audit_buffer * +integrity_audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type) +{ + return audit_log_start(ctx, gfp_mask, type); +} + #else static inline void integrity_audit_msg(int audit_msgno, struct inode *inode, const unsigned char *fname, @@ -206,4 +214,11 @@ static inline void integrity_audit_msg(int audit_msgno, struct inode *inode, int result, int info) { } + +static inline struct audit_buffer * +integrity_audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type) +{ + return NULL; +} + #endif |