audit 2.6.1 released

2016-06-28 Thread Steve Grubb
Hello, I've just released a new version of the audit daemon. It can be downloaded from http://people.redhat.com/sgrubb/audit. It will also be in rawhide soon. The ChangeLog is: - Do capabilities check rather than uid - Auditd fixup directory and file permissions on startup - Add some missing con

Re: Reset the LDFLAGS when building helper executables

2016-06-28 Thread Steve Grubb
On Tuesday, June 28, 2016 01:10:04 AM Laurent Bigonville wrote: > > Looking that build system, it seems that CFLAGS and CPPFLAGS for these > > executables are overridden in lib/Makefile.am and auparse/Makefile.am > > (with CFLAGS_FOR_BUILD and CPPFLAGS_FOR_BUILD) but the LDFLAGS are > > left unto

Re: [PATCH] audit: move audit_get_tty to reduce scope and kabi changes

2016-06-28 Thread Paul Moore
On Tue, Jun 28, 2016 at 12:07 PM, Richard Guy Briggs wrote: > The only users of audit_get_tty and audit_put_tty are internal to audit, > so move it out of include/linux/audit.h to kernel.h and create a proper > function rather than inlining it. This also reduces kABI changes. > > Suggested-by: Pa

Re: [PATCH] audit: move calcs after alloc and check when logging set loginuid

2016-06-28 Thread Paul Moore
On Tue, Jun 28, 2016 at 12:06 PM, Richard Guy Briggs wrote: > Move the calculations of values after the allocation in case the > allocation fails. This avoids wasting effort in the rare case that it > fails, but more importantly saves us extra logic to release the tty ref. > > Signed-off-by: Rich

Re: [PATCH] audit: catch errors from audit_filter_rules field checks

2016-06-28 Thread Richard Guy Briggs
On 2016-06-16 17:07, Paul Moore wrote: > On Tue, Jun 14, 2016 at 5:03 PM, Richard Guy Briggs wrote: > > In the case of an error returned from a field check in an audit filter > > syscall rule, it is treated as a match and the rule action is honoured. > > > > This could cause a rule with a default

[PATCH] audit: move audit_get_tty to reduce scope and kabi changes

2016-06-28 Thread Richard Guy Briggs
The only users of audit_get_tty and audit_put_tty are internal to audit, so move it out of include/linux/audit.h to kernel.h and create a proper function rather than inlining it. This also reduces kABI changes. Suggested-by: Paul Moore Signed-off-by: Richard Guy Briggs --- include/linux/audit.

[PATCH] audit: move calcs after alloc and check when logging set loginuid

2016-06-28 Thread Richard Guy Briggs
Move the calculations of values after the allocation in case the allocation fails. This avoids wasting effort in the rare case that it fails, but more importantly saves us extra logic to release the tty ref. Signed-off-by: Richard Guy Briggs --- kernel/auditsc.c |7 --- 1 files changed,

Re: [PATCH v2] s390: ensure that syscall arguments are properly masked on s390

2016-06-28 Thread Heiko Carstens
On Mon, Jun 27, 2016 at 10:37:59AM -0400, Paul Moore wrote: > On Mon, Jun 27, 2016 at 10:34 AM, Paul Moore wrote: > > From: Paul Moore > > > > When executing s390 code on s390x the syscall arguments are not > > properly masked, leading to some malformed audit records. > > > > Signed-off-by: Paul