TOMOYO: Allow controlling generation of access granted logs for per an entry basis.
Add per-entry flag which controls generation of grant logs because Xen and KVM
issues ioctl requests so frequently. For example,
file ioctl /dev/null 0x5401 grant_log=no
will suppress /sys/kernel/security/tomoyo/audit even if preference says
grant_log=yes .
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c
index 5931fb1..498fea7 100644
--- a/security/tomoyo/domain.c
+++ b/security/tomoyo/domain.c
@@ -157,6 +157,7 @@
continue;
if (!tomoyo_condition(r, ptr->cond))
continue;
+ r->matched_acl = ptr;
r->granted = true;
return;
}