Hi Linus, Another relatively small pull request for audit, nine patches total. The only real new bit of functionality is the patch from Richard which adds the ability to filter records based on the filesystem type. The remainder are bug fixes and cleanups; the bug fix highlights include: ensuring that we properly audit init/PID-1 (me), and allowing the audit daemon to shutdown the kernel/auditd connection cleanly by setting the audit PID to zero (Steve).
Please merge for v4.14. Thanks, -Paul --- The following changes since commit 196a5085592c62ffa4eb739d7ce49c040c2953a1: audit: update the function comments (2017-09-05 09:46:59 -0400) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git tags/audit-pr-20171113 for you to fetch changes up to 42d5e37654e4cdb9fb2e2f3ab30045fee35c42d8: audit: filter PATH records keyed on filesystem magic (2017-11-10 16:08:56 -0500) ---------------------------------------------------------------- audit/stable-4.15 PR 20171113 ---------------------------------------------------------------- Casey Schaufler (1): Audit: remove unused audit_log_secctx function Paul Moore (5): audit: ensure that 'audit=1' actually enables audit for PID 1 audit: initialize the audit subsystem as early as possible audit: don't use simple_strtol() anymore audit: convert audit_ever_enabled to a boolean audit: use audit_set_enabled() in audit_enable() Richard Guy Briggs (1): audit: filter PATH records keyed on filesystem magic Steve Grubb (2): audit: Add new syscalls to the perm=w filter audit: Allow auditd to set pid to 0 to end auditing include/asm-generic/audit_dir_write.h | 3 ++ include/asm-generic/audit_write.h | 3 ++ include/linux/audit.h | 8 ---- include/uapi/linux/audit.h | 8 +++- kernel/audit.c | 76 +++++++++++-------------------- kernel/audit.h | 2 +- kernel/auditfilter.c | 39 ++++++++++++++---- kernel/auditsc.c | 23 +++++++++++ 8 files changed, 97 insertions(+), 65 deletions(-) -- paul moore www.paul-moore.com