Re: [RFC PATCH ghak90 (was ghak32) V3 02/10] audit: log container info of syscalls

2018-07-25 Thread Richard Guy Briggs
On 2018-07-23 14:31, Paul Moore wrote: > On Mon, Jul 23, 2018 at 12:48 PM Steve Grubb wrote: > > On Monday, July 23, 2018 11:11:48 AM EDT Richard Guy Briggs wrote: > > > On 2018-07-23 09:19, Steve Grubb wrote: > > > > On Sunday, July 22, 2018 4:55:10 PM EDT Richard Guy Briggs wrote: > > > > > On 2

Re: [PATCH v2] audit: fix potential null dereference 'context->module.name'

2018-07-25 Thread Richard Guy Briggs
On 2018-07-25 10:26, Yi Wang wrote: > The variable 'context->module.name' may be a null pointer when > kmalloc returns null, so it's better to check it before using it > to avoid a null dereference. > One more thing this patch does is use kstrdup instead > of (kmalloc + strcpy), and signal a lost

Re: [RFC PATCH ghak9 0/3] audit: Record the path of FDs passed to *at(2) syscalls

2018-07-25 Thread Steve Grubb
On Wednesday, July 25, 2018 9:02:50 AM EDT Ondrej Mosnacek wrote: > On Wed, Jul 25, 2018 at 2:48 PM Steve Grubb wrote: > > On Wednesday, July 25, 2018 3:44:07 AM EDT Ondrej Mosnacek wrote: > > > On Wed, Jul 25, 2018 at 3:11 AM Steve Grubb wrote: > > > > On Tuesday, July 24, 2018 6:15:54 PM EDT Pa

Re: [RFC PATCH ghak9 0/3] audit: Record the path of FDs passed to *at(2) syscalls

2018-07-25 Thread Ondrej Mosnacek
On Wed, Jul 25, 2018 at 2:48 PM Steve Grubb wrote: > On Wednesday, July 25, 2018 3:44:07 AM EDT Ondrej Mosnacek wrote: > > On Wed, Jul 25, 2018 at 3:11 AM Steve Grubb wrote: > > > On Tuesday, July 24, 2018 6:15:54 PM EDT Paul Moore wrote: > > > > On Tue, Jul 24, 2018 at 10:12 AM Ondrej Mosnacek

Re: [RFC PATCH ghak9 0/3] audit: Record the path of FDs passed to *at(2) syscalls

2018-07-25 Thread Steve Grubb
On Wednesday, July 25, 2018 3:44:07 AM EDT Ondrej Mosnacek wrote: > On Wed, Jul 25, 2018 at 3:11 AM Steve Grubb wrote: > > On Tuesday, July 24, 2018 6:15:54 PM EDT Paul Moore wrote: > > > On Tue, Jul 24, 2018 at 10:12 AM Ondrej Mosnacek > > > > > > > Beyond that, there is really no information i

[PATCH v2] audit: fix potential null dereference 'context->module.name'

2018-07-25 Thread Yi Wang
The variable 'context->module.name' may be a null pointer when kmalloc returns null, so it's better to check it before using it to avoid a null dereference. One more thing this patch does is use kstrdup instead of (kmalloc + strcpy), and signal a lost record via audit_log_lost. Signed-off-by: Yi

Re: [PATCH] audit: fix potential null dereference 'context->module.name'

2018-07-25 Thread wang.yi59
> On Tue, Jul 24, 2018 at 6:38 PM Eric Paris wrote: > > On Tue, 2018-07-24 at 15:55 -0400, Paul Moore wrote: > > > On Tue, Jul 24, 2018 at 7:39 AM Eric Paris wrote: > > > > Would it make more sense to actually check for failure on > > > > allocation > > > > rather than try to remember to deal wit

Re: [RFC PATCH ghak90 (was ghak32) V3 08/10] audit: NETFILTER_PKT: record each container ID associated with a netNS

2018-07-25 Thread Laura Garcia
CC'ing Netfilter. On Wed, Jun 6, 2018 at 6:58 PM, Richard Guy Briggs wrote: > Add audit container identifier auxiliary record(s) to NETFILTER_PKT > event standalone records. Iterate through all potential audit container > identifiers associated with a network namespace. > > Signed-off-by: Richar

[PATCH] audit: fix potential null dereference 'context->module.name'

2018-07-25 Thread Yi Wang
The variable 'context->module.name' may be a null pointer when kmalloc returns null, so it's better to check it before using it to avoid a null dereference. Signed-off-by: Yi Wang Reviewed-by: Jiang Biao --- kernel/auditsc.c | 11 --- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git

Re: [RFC PATCH ghak9 0/3] audit: Record the path of FDs passed to *at(2) syscalls

2018-07-25 Thread Ondrej Mosnacek
On Wed, Jul 25, 2018 at 3:11 AM Steve Grubb wrote: > On Tuesday, July 24, 2018 6:15:54 PM EDT Paul Moore wrote: > > On Tue, Jul 24, 2018 at 10:12 AM Ondrej Mosnacek > > > Beyond that, there is really no information in the records that would > > > allow reconstructing which PARENT path belongs to