Since kernel parameter is operated before
initcall, so the audit_initialized must be
AUDIT_UNINITIALIZED or DISABLED in audit_enable.
Signed-off-by: Gao feng
---
kernel/audit.c | 13 ++---
1 file changed, 2 insertions(+), 11 deletions(-)
change from v1:
convert "printk(KERN_INFO " to "p
On Wed, Oct 30, 2013 at 2:20 PM, Eric Paris wrote:
> I'm like a child wandering into the middle of a movie and having no idea
> what is going on. But...
>
my day to day reality :-P
>
> > The limit is PATH_MAX. You could have an absolute path that
> > uses all available
> >
I'm like a child wandering into the middle of a movie and having no idea
what is going on. But...
> The limit is PATH_MAX. You could have an absolute path that
> uses all available
> characters.
>
> -Steve
>
>
> So looking at PATH_MAX...
> include/linux/
Move the audit_bprm() call from search_binary_handler() to exec_binprm(). This
allows us to get rid of the mm member of struct audit_aux_data_execve since
bprm->mm will equal current->mm.
This also mitigates the issue that ->argc could be modified by the
load_binary() call in search_binary_handle
This patchset is a clean up of the audit_aux_data and audit_context structures
and the audit_bprm() call that was needlessly recursing, allocating more
resources than necessary.
Eric W. Biederman (1):
audit: Kill the unused struct audit_aux_data_capset
Richard Guy Briggs (2):
audit: remove un
Get rid of write-only audit_aux_data_exeve structure member envc.
Signed-off-by: Richard Guy Briggs
---
kernel/auditsc.c |2 --
1 files changed, 0 insertions(+), 2 deletions(-)
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 24047f4..c9abaa0 100644
--- a/kernel/auditsc.c
+++ b/kernel
From: Eric W. Biederman
Signed-off-by: "Eric W. Biederman"
(cherry picked from commit 6904431d6b41190e42d6b94430b67cb4e7e6a4b7)
(cherry picked from commit 2b3a6c617396a9e6eedae9a56b2d9642da0216b6)
---
kernel/auditsc.c |6 --
1 files changed, 0 insertions(+), 6 deletions(-)
diff --git a
On Wed, Oct 30, 2013 at 12:42 PM, Steve Grubb wrote:
> On Tuesday, October 29, 2013 05:43:36 PM William Roberts wrote:
> > >> I guess I could just set the comm field explicitly via the packagename
> > >> when the classloader loads the value, but I was hoping for something
> more
> > >> generic th
On Tuesday, October 29, 2013 05:43:36 PM William Roberts wrote:
> >> I guess I could just set the comm field explicitly via the packagename
> >> when the classloader loads the value, but I was hoping for something more
> >> generic that would
> >> let me get larger package names then 16.
> >
> > I
On Tuesday, October 29, 2013 05:29:41 PM Eric Paris wrote:
> On Tue, 2013-10-29 at 17:28 -0400, Paul Moore wrote:
> > Take x86_64 and x32 as an example (think of x32 as a 32-bit version of
> > x86_64). Both x32 and x86_64 use the AUDIT_ARCH_X86_64 value and general
> > calling convention, but they
Hello all,
I've been dealing with the AUDIT_ARCH_* defines, different ABIs and syscall
tables a fair amount lately as part of libseccomp[1] and a little birdie
thought it might be a good idea to post something to the Linux audit list.
So here we go. I'll try to be brief.
First off, if you alr
UNSUBSCRIBE
This e-mail and any files transmitted with it may be proprietary and are
intended solely for the use of the individual or entity to whom they are
addressed. If you have received this e-mail in error please notify the sender.
Please note that any v
12 matches
Mail list logo