On Fri, Sep 22, 2023 at 9:53 PM Phil Sutter <[email protected]> wrote:
>
> When adding/updating an object, the transaction handler emits suitable
> audit log entries already, the one in nft_obj_notify() is redundant. To
> fix that (and retain the audit logging from objects' 'update' callback),
> Introduce an "audit log free" variant for internal use.
>
> Fixes: c520292f29b80 ("audit: log nftables configuration change events once
> per table")
> Signed-off-by: Phil Sutter <[email protected]>
> ---
> net/netfilter/nf_tables_api.c | 44 ++++++++++++-------
> .../testing/selftests/netfilter/nft_audit.sh | 20 +++++++++
> 2 files changed, 48 insertions(+), 16 deletions(-)

Thanks for working on this Phil, it looks good to me from an audit
perspective.

Acked-by: Paul Moore <[email protected]> (Audit)

--
paul-moore.com
