On Nov 22, 2024 =?UTF-8?q?Micka=C3=ABl=20Sala=C3=BCn?= <[email protected]> wrote: > > Add audit support to socket_bind and socket_connect hooks. > > Audit event sample: > > type=LL_DENY [...]: domain=195ba459b blockers=net_connect_tcp > daddr=127.0.0.1 dest=80
The destination address and port is already captured in the SOCKADDR record for bind() and connect(), please don't duplicate it here. > Cc: Günther Noack <[email protected]> > Cc: Konstantin Meskhidze <[email protected]> > Cc: Mikhail Ivanov <[email protected]> > Signed-off-by: Mickaël Salaün <[email protected]> > Link: https://lore.kernel.org/r/[email protected] > --- > Changes since v2: > - Remove potentially superfluous IPv6 saddr log, spotted by Francis > Laniel. > - Cosmetic improvements. > --- > security/landlock/audit.c | 12 +++++++++ > security/landlock/audit.h | 1 + > security/landlock/net.c | 51 ++++++++++++++++++++++++++++++++++++--- > 3 files changed, 60 insertions(+), 4 deletions(-) -- paul-moore.com
