Re: [nf PATCH 2/2] netfilter: nf_tables: Audit log rule reset

Paul Moore Wed, 30 Aug 2023 19:27:23 -0700

On Tue, Aug 29, 2023 at 2:24 PM Phil Sutter <p...@nwl.cc> wrote:
>
> Resetting rules' stateful data happens outside of the transaction logic,
> so 'get' and 'dump' handlers have to emit audit log entries themselves.
>
> Cc: Richard Guy Briggs <r...@redhat.com>
> Fixes: 8daa8fde3fc3f ("netfilter: nf_tables: Introduce NFT_MSG_GETRULE_RESET")
> Signed-off-by: Phil Sutter <p...@nwl.cc>
> ---
>  include/linux/audit.h         |  1 +
>  kernel/auditsc.c              |  1 +
>  net/netfilter/nf_tables_api.c | 18 ++++++++++++++++++
>  3 files changed, 20 insertions(+)


See my comments in patch 1/2.

Acked-by: Paul Moore <p...@paul-moore.com>

-- 
paul-moore.com

--
Linux-audit mailing list
Linux-audit@redhat.com
https://listman.redhat.com/mailman/listinfo/linux-audit

Re: [nf PATCH 2/2] netfilter: nf_tables: Audit log rule reset

Reply via email to