Re: [PATCH v2] semanage: handle getprotobyname() failure case
On Mon, Jun 22, 2020 at 8:22 AM Stephen Smalley wrote: > > On Mon, Jun 8, 2020 at 12:18 PM Stephen Smalley > wrote: > > > > On Fri, Jun 5, 2020 at 4:24 AM Topi Miettinen wrote: > > > > > > At least on Debian, /etc/protocols, which is used by > > > socket.getprotobyname() to resolve protocols to names, does not > > > contain an entry for "ipv4". In that case, set the protocol number > > > used by audit logs for "ipv4" to a fixed value. To ensure audit log > > > compatibility, let's use the same numeric value as Fedora: 4, which is > > > actually understood by kernel as IP over IP. > > > > > > Signed-off-by: Topi Miettinen > > > > This looks fine to me but adding linux-audit mailing list to see if > > they have any concerns. It appears to make no change to the audit > > messages on Fedora. > > Seeing no objections from linux-audit, > > Acked-by: Stephen Smalley Applied. -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit
Re: [PATCH v3 2/2] IMA: Add audit log for failure conditions
On Wed, Jun 24, 2020 at 1:25 PM Lakshmi Ramasubramanian wrote: > > On 6/23/20 12:58 PM, Mimi Zohar wrote: > > Hi Steve\Paul, > > >> Sample audit messages: > >> > >> [6.303048] audit: type=1804 audit(1592506281.627:2): pid=1 uid=0 > >> auid=4294967295 ses=4294967295 subj=kernel op=measuring_key > >> cause=ENOMEM comm="swapper/0" name=".builtin_trusted_keys" res=0 > >> errno=-12 > > > > My only concern is that auditing -ENOMEM will put additional memory > > pressure on the system. I'm not sure if this is a concern and, if so, > > how it should be handled. > > Do you have any concerns with respect to adding audit messages in low > memory conditions? Assuming the system is not completely toast, the allocation failure could be a very transient issue; I wouldn't worry too much about it. -- paul moore www.paul-moore.com -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit
