Hi Linus, A lucky 13 audit patches for v5.1. Despite the rather large diffstat, most of the changes are from two bug fix patches that move code from one Kconfig option to another. Beyond that bit of churn, the remaining changes are largely cleanups and bug-fixes as we slowly march towards container auditing. It isn't all boring though, we do have a couple of new things: file capabilities v3 support, and expanded support for filtering on filesystems to solve problems with remote filesystems.
All changes pass the audit-testsuite. Please merge for v5.1. Thanks, -Paul -- The following changes since commit bfeffd155283772bbe78c6a05dec7c0128ee500c: Linux 5.0-rc1 (2019-01-06 17:08:20 -0800) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git tags/audit-pr-20190305 for you to fetch changes up to 131d34cb07957151c369366b158690057d2bce5e: audit: mark expected switch fall-through (2019-02-12 20:17:13 -0500) ---------------------------------------------------------------- audit/stable-5.1 PR 20190305 ---------------------------------------------------------------- Gustavo A. R. Silva (1): audit: mark expected switch fall-through Richard Guy Briggs (12): audit: give a clue what CONFIG_CHANGE op was involved audit: hand taken context to audit_kill_trees for syscall logging audit: add syscall information to CONFIG_CHANGE records audit: move loginuid and sessionid from CONFIG_AUDITSYSCALL to CONFIG_AUDIT audit: add support for fcaps v3 audit: more filter PATH records keyed on filesystem magic audit: clean up AUDITSYSCALL prototypes and stubs audit: ignore fcaps on umount audit: remove unused actx param from audit_rule_match audit: remove audit_context when CONFIG_ AUDIT and not AUDITSYSCALL audit: join tty records to their syscall audit: hide auditsc_get_stamp and audit_serial prototypes drivers/tty/tty_audit.c | 2 +- fs/namei.c | 2 +- fs/namespace.c | 2 + fs/proc/base.c | 6 +- include/linux/audit.h | 66 ++++---- include/linux/capability.h | 5 +- include/linux/lsm_hooks.h | 4 +- include/linux/namei.h | 3 + include/linux/sched.h | 4 +- include/linux/security.h | 5 +- init/init_task.c | 2 +- kernel/audit.c | 267 ++++++++++++------------------ kernel/audit.h | 81 +++++---- kernel/audit_fsnotify.c | 2 +- kernel/audit_tree.c | 19 ++- kernel/audit_watch.c | 2 +- kernel/auditfilter.c | 6 +- kernel/auditsc.c | 320 +++++++++++++++++++++++------------- security/apparmor/audit.c | 3 +- security/apparmor/include/audit.h | 3 +- security/commoncap.c | 2 + security/integrity/ima/ima.h | 3 +- security/integrity/ima/ima_policy.c | 6 +- security/security.c | 6 +- security/selinux/include/audit.h | 4 +- security/selinux/ss/services.c | 3 +- security/smack/smack_lsm.c | 4 +- 27 files changed, 440 insertions(+), 392 deletions(-) -- paul moore www.paul-moore.com -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit