The audit_filter_rules() function in auditsc.c used the in_[e]group_p()
functions to check GID/EGID match, but these functions use the current
task's credentials, while the comparison should use the credentials of
the task given to audit_filter_rules() as a parameter (tsk).
Note that we can use gr
2018-06-04 22:41 GMT+02:00 Paul Moore:
> On Wed, May 30, 2018 at 4:45 AM, Ondrej Mosnacek wrote:
>> This patch removes the restriction of the AUDIT_EXE field to only
>> SYSCALL filter and teaches audit_filter to recognize this field.
>>
>> This makes it possible to write rule lists such as:
>>
>>
2018-06-05 0:19 GMT+02:00 Paul Moore:
> On Fri, Jun 1, 2018 at 4:05 PM, Richard Guy Briggs wrote:
>> On 2018-06-01 10:12, Ondrej Mosnacek wrote:
>
> ...
>
>>> audit_receive_msg -- this function doesn't work with context at all,
>>> so I wasn't sure if audit_filter should consider it being NULL
Hi Paul,
On Mon, 2018-06-04 at 20:21 -0400, Paul Moore wrote:
> On Mon, Jun 4, 2018 at 4:54 PM, Stefan Berger wrote:
> > The AUDIT_INTEGRITY_RULE is used for auditing IMA policy rules and
> > the IMA "audit" policy action. This patch defines
> > AUDIT_INTEGRITY_POLICY_RULE to reflect the IMA p
The AUDIT_FILTER_TYPE name is vague and misleading due to not describing
where or when the filter is applied and obsolete due to its available
filter fields having been expanded.
Userspace has already renamed it from AUDIT_FILTER_TYPE to
AUDIT_FILTER_EXCLUDE without checking if it already exists.
On Tue, Jun 5, 2018 at 10:15 AM, Mimi Zohar wrote:
> Hi Paul,
>
> On Mon, 2018-06-04 at 20:21 -0400, Paul Moore wrote:
>> On Mon, Jun 4, 2018 at 4:54 PM, Stefan Berger wrote:
>> > The AUDIT_INTEGRITY_RULE is used for auditing IMA policy rules and
>> > the IMA "audit" policy action. This patch
Remove comparison of audit_enabled to magic numbers outside of audit.
Related: https://github.com/linux-audit/audit-kernel/issues/86
Signed-off-by: Richard Guy Briggs
---
drivers/tty/tty_audit.c | 2 +-
include/linux/audit.h| 5 -
include/net/xfrm.h | 2 +-
kernel/aud
el.org/pub/scm/linux/kernel/git/pcmoore/audit.git
tags/audit-pr-20180605
for you to fetch changes up to 5b71388663c0920848c0ee7de946970a2692b76d:
audit: Fix wrong task in comparison of session ID
(2018-05-21 14:27:43 -0400)
au