Hello Jan,
On Friday, September 8, 2017 6:55:45 AM EDT Jan Kara wrote:
> Hello Steve,
>
> On Thu 07-09-17 11:47:35, Steve Grubb wrote:
> > > > On Thursday, September 7, 2017 6:18:05 AM EDT Jan Kara wrote:
> > > On Wed 06-09-17 13:34:32, Steve Grubb wrote:
> > > > On Wednesday, September 6, 2017 1
On Tue, Sep 5, 2017 at 2:46 AM, Richard Guy Briggs wrote:
> The existing condition tested for process effective capabilities set by
> file attributes but intended to ignore the change if the result was
> unsurprisingly an effective full set in the case root is special with a
> setuid root executab
On Wed, Sep 20, 2017 at 6:25 PM, Kees Cook wrote:
> On Wed, Sep 20, 2017 at 3:11 PM, Paul Moore wrote:
>> On Tue, Sep 5, 2017 at 2:46 AM, Richard Guy Briggs wrote:
>>> Now that the logic is inverted, it is much easier to see that both real
>>> root and effective root conditions had to be met to
On Wed, Sep 20, 2017 at 3:11 PM, Paul Moore wrote:
> On Tue, Sep 5, 2017 at 2:46 AM, Richard Guy Briggs wrote:
>> Now that the logic is inverted, it is much easier to see that both real
>> root and effective root conditions had to be met to avoid printing the
>> BPRM_FCAPS record with audit sysca
On Tue, Sep 5, 2017 at 2:46 AM, Richard Guy Briggs wrote:
> Now that the logic is inverted, it is much easier to see that both real
> root and effective root conditions had to be met to avoid printing the
> BPRM_FCAPS record with audit syscalls. This meant that any setuid root
> applications woul
On Fri, Sep 1, 2017 at 9:44 AM, Paul Moore wrote:
> Unfortunately it turns out that we are not properly enabling audit
> early enough in the boot process to tag PID 1 (init/systemd/etc.)
> with the special audit magic necessary to cause PID 1 events to
> be audited. This patch set fixes this prob
On Wed, Aug 23, 2017 at 7:03 AM, Richard Guy Briggs wrote:
> Tracefs or debugfs were causing hundreds to thousands of null PATH
> records to be associated with the init_module and finit_module SYSCALL
> records on a few modules when the following rule was in place for
> startup:
> -a alway