Use the existing audit_log_session_info() function rather than
hardcoding its functionality.
Signed-off-by: Richard Guy Briggs
---
kernel/auditfilter.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index d7a807e..9e87377 100644
On Thu, May 17, 2018 at 1:20 PM, Richard Guy Briggs wrote:
> Enable fork.c compilation with audit disabled.
>
> Signed-off-by: Richard Guy Briggs
> ---
> Hi Paul, this one got caught by the 0-day kbuildbot. Can you squash it
> down if you haven't merged it yet?
See my comment in the original pa
On Wed, May 16, 2018 at 7:55 AM, Richard Guy Briggs wrote:
> The audit-related parameters in struct task_struct should ideally be
> collected together and accessed through a standard audit API.
>
> Collect the existing loginuid, sessionid and audit_context together in a
> new struct audit_task_inf
On Wed, May 16, 2018 at 7:55 AM, Richard Guy Briggs wrote:
> Recognizing that the loginuid is an internal audit value, use an access
> function to retrieve the audit loginuid value for the task rather than
> reaching directly into the task struct to get it.
>
> Signed-off-by: Richard Guy Briggs
>
On Wed, May 16, 2018 at 7:55 AM, Richard Guy Briggs wrote:
> On the rebase of the following commit on the new seccomp actions_logged
> function, one audit_context access was missed.
>
> commit cdfb6b341f0f2409aba24b84f3b4b2bba50be5c5
> ("audit: use inline function to get audit context")
>
> Signed
On 2018-05-17 17:00, Steve Grubb wrote:
> On Fri, 16 Mar 2018 05:00:28 -0400
> Richard Guy Briggs wrote:
>
> > Implement the proc fs write to set the audit container ID of a
> > process, emitting an AUDIT_CONTAINER record to document the event.
> >
> > This is a write from the container orchestr
On 2018-05-17 17:09, Steve Grubb wrote:
> On Fri, 16 Mar 2018 05:00:30 -0400
> Richard Guy Briggs wrote:
>
> > Create a new audit record AUDIT_CONTAINER_INFO to document the
> > container ID of a process if it is present.
>
> As mentioned in a previous email, I think AUDIT_CONTAINER is more
> su
On 2018-05-17 10:18, Stefan Berger wrote:
> On 03/08/2018 06:21 AM, Richard Guy Briggs wrote:
> > On 2018-03-05 09:24, Mimi Zohar wrote:
> > > On Mon, 2018-03-05 at 08:50 -0500, Richard Guy Briggs wrote:
> > > > On 2018-03-05 08:43, Mimi Zohar wrote:
> > > > > Hi Richard,
> > > > >
> > > > > This
On Fri, 16 Mar 2018 05:00:30 -0400
Richard Guy Briggs wrote:
> Create a new audit record AUDIT_CONTAINER_INFO to document the
> container ID of a process if it is present.
As mentioned in a previous email, I think AUDIT_CONTAINER is more
suitable for the container record. One more comment below.
On Fri, 16 Mar 2018 05:00:28 -0400
Richard Guy Briggs wrote:
> Implement the proc fs write to set the audit container ID of a
> process, emitting an AUDIT_CONTAINER record to document the event.
>
> This is a write from the container orchestrator task to a proc entry
> of the form /proc/PID/cont
Enable fork.c compilation with audit disabled.
Signed-off-by: Richard Guy Briggs
---
Hi Paul, this one got caught by the 0-day kbuildbot. Can you squash it
down if you haven't merged it yet?
---
kernel/fork.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/kernel/fork.c b/kernel/fork.c
in
On 2018-05-17 17:31, Ondrej Mosnacek wrote:
> The audit_filter_rules() function in auditsc.c compared the session ID
> with the credentials of the current task, while it should use the
> credentials of the task given to audit_filter_rules() as a parameter
> (tsk).
>
> GitHub issue:
> https://githu
On 2018-05-17 17:31, Ondrej Mosnacek wrote:
> The audit_filter_rules() function in auditsc.c used the in_[e]group_p()
> functions to check GID/EGID match, but these functions use the current
> task's credentials, while the comparison should use the credentials of
> the task given to audit_filter_ru
On 03/08/2018 06:21 AM, Richard Guy Briggs wrote:
On 2018-03-05 09:24, Mimi Zohar wrote:
On Mon, 2018-03-05 at 08:50 -0500, Richard Guy Briggs wrote:
On 2018-03-05 08:43, Mimi Zohar wrote:
Hi Richard,
This patch has been compiled, but not runtime tested.
Ok, great, thank you. I assume you a
The audit_filter_rules() function in auditsc.c used the in_[e]group_p()
functions to check GID/EGID match, but these functions use the current
task's credentials, while the comparison should use the credentials of
the task given to audit_filter_rules() as a parameter (tsk).
Note that we can use gr
The audit_filter_rules() function in auditsc.c compared the session ID
with the credentials of the current task, while it should use the
credentials of the task given to audit_filter_rules() as a parameter
(tsk).
GitHub issue:
https://github.com/linux-audit/audit-kernel/issues/82
Fixes: 8fae47705
:
https://github.com/0day-ci/linux/commits/Richard-Guy-Briggs/audit-group-task-params/20180517-090703
config: i386-tinyconfig (attached as .config)
compiler: gcc-7 (Debian 7.3.0-16) 7.3.0
reproduce:
# save the attached .config to linux build tree
make ARCH=i386
All errors (new
==
ANNOUNCEMENT AND CALL FOR PARTICIPATION
LINUX SECURITY SUMMIT EUROPE 2018
25-26 October
18 matches
Mail list logo