[PATCH v3 17/23] landlock: Log TCP bind and connect denials
Paul Moore
paul at paul-moore.com
Sun Jan 5 01:23:52 UTC 2025
On Nov 22, 2024 Mickaël Salaün <mic at digikod.net> wrote:
>
> Add audit support to socket_bind and socket_connect hooks.
>
> Audit event sample:
>
> type=LL_DENY [...]: domain=195ba459b blockers=net_connect_tcp daddr=127.0.0.1 dest=80
The destination address and port are already captured in the SOCKADDR
record for bind() and connect(); please don't duplicate it here.
> Cc: Günther Noack <gnoack at google.com>
> Cc: Konstantin Meskhidze <konstantin.meskhidze at huawei.com>
> Cc: Mikhail Ivanov <ivanov.mikhail1 at huawei-partners.com>
> Signed-off-by: Mickaël Salaün <mic at digikod.net>
> Link: https://lore.kernel.org/r/20241122143353.59367-18-mic@digikod.net
> ---
> Changes since v2:
> - Remove potentially superfluous IPv6 saddr log, spotted by Francis
> Laniel.
> - Cosmetic improvements.
> ---
> security/landlock/audit.c | 12 +++++++++
> security/landlock/audit.h | 1 +
> security/landlock/net.c | 51 ++++++++++++++++++++++++++++++++++++---
> 3 files changed, 60 insertions(+), 4 deletions(-)
--
paul-moore.com
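
Added example, not part of the thread or the patch: a log consumer can recover the destination of a denied connect() by joining the denial record to the SOCKADDR record with the same audit event id and decoding its hex-encoded saddr field. The sample records are constructed; they assume the denial record omits daddr/dest as the reply requests, and that the log comes from a little-endian host.

```python
import ipaddress
import re
import struct

AF_INET, AF_INET6 = 2, 10  # Linux address-family numbers

# Constructed sample records (not from the thread). Records of one event
# share the msg=audit(<time>:<serial>) id; the ids here are made up.
SAMPLE = """\
type=LL_DENY msg=audit(1736040232.123:421): domain=195ba459b blockers=net_connect_tcp
type=SOCKADDR msg=audit(1736040232.123:421): saddr=020000507F0000010000000000000000
type=LL_DENY msg=audit(1736040232.456:422): domain=195ba459b blockers=net_connect_tcp
type=SOCKADDR msg=audit(1736040232.456:422): saddr=020001BB0A0000050000000000000000
"""

RECORD = re.compile(r"type=(\S+) msg=audit\(([\d.]+:\d+)\): (.*)")

def decode_saddr(hex_saddr):
    """Decode the hex-encoded struct sockaddr of a SOCKADDR record to (ip, port)."""
    try:
        raw = bytes.fromhex(hex_saddr)
    except ValueError:
        return None
    if len(raw) < 2:
        return None
    (family,) = struct.unpack_from("<H", raw)  # sa_family is host order (assumed LE)
    if family == AF_INET and len(raw) >= 8:
        port, addr = struct.unpack_from("!H4s", raw, 2)  # sockaddr_in
    elif family == AF_INET6 and len(raw) >= 24:
        port, _flow, addr = struct.unpack_from("!HI16s", raw, 2)  # sockaddr_in6
    else:
        return None  # other address family or truncated record
    return str(ipaddress.ip_address(addr)), port

def denials_with_endpoints(log_text):
    """Join each LL_DENY record to the SOCKADDR record of the same event."""
    events = {}
    for line in log_text.splitlines():
        m = RECORD.match(line)
        if m:
            rtype, event_id, body = m.groups()
            fields = dict(kv.split("=", 1) for kv in body.split() if "=" in kv)
            events.setdefault(event_id, {})[rtype] = fields
    out = []
    for event_id, recs in events.items():
        if "LL_DENY" in recs:
            saddr = recs.get("SOCKADDR", {}).get("saddr", "")
            out.append((event_id, recs["LL_DENY"].get("blockers"), decode_saddr(saddr)))
    return out
```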