Hello,
I've just released a new version of the audit daemon. It can be downloaded
from http://people.redhat.com/sgrubb/audit. It will also be in rawhide
soon. The ChangeLog is:
- Do capabilities check rather than uid
- Auditd fixup directory and file permissions on startup
- Add some missing con
On Tuesday, June 28, 2016 01:10:04 AM Laurent Bigonville wrote:
> > Looking that build system, it seems that CFLAGS and CPPFLAGS for these
> > executables are overriden in lib/Makefile.am and auparse/Makefile.am
> > (with CFLAGS_FOR_BUILD and CPPFLAGS_FOR_BUILD) but the LDFLAGS are
> > left unto
On Tue, Jun 28, 2016 at 12:07 PM, Richard Guy Briggs wrote:
> The only users of audit_get_tty and audit_put_tty are internal to audit,
> so move it out of include/linux/audit.h to kernel.h and create a proper
> function rather than inlining it. This also reduces kABI changes.
>
> Suggested-by: Pa
On Tue, Jun 28, 2016 at 12:06 PM, Richard Guy Briggs wrote:
> Move the calculations of values after the allocation in case the
> allocation fails. This avoids wasting effort in the rare case that it
> fails, but more importantly saves us extra logic to release the tty ref.
>
> Signed-off-by: Rich
On 2016-06-16 17:07, Paul Moore wrote:
> On Tue, Jun 14, 2016 at 5:03 PM, Richard Guy Briggs wrote:
> > In the case of an error returned from a field check in an audit filter
> > syscall rule, it is treated as a match and the rule action is honoured.
> >
> > This could cause a rule with a default
The only users of audit_get_tty and audit_put_tty are internal to audit,
so move it out of include/linux/audit.h to kernel.h and create a proper
function rather than inlining it. This also reduces kABI changes.
Suggested-by: Paul Moore
Signed-off-by: Richard Guy Briggs
---
include/linux/audit.
Move the calculations of values after the allocation in case the
allocation fails. This avoids wasting effort in the rare case that it
fails, but more importantly saves us extra logic to release the tty ref.
Signed-off-by: Richard Guy Briggs
---
kernel/auditsc.c |7 ---
1 files changed,
On Mon, Jun 27, 2016 at 10:37:59AM -0400, Paul Moore wrote:
> On Mon, Jun 27, 2016 at 10:34 AM, Paul Moore wrote:
> > From: Paul Moore
> >
> > When executing s390 code on s390x the syscall arguments are not
> > properly masked, leading to some malformed audit records.
> >
> > Signed-off-by: Paul