On 2019-03-27 22:17, Ondrej Mosnacek wrote:
> On Fri, Mar 15, 2019 at 7:34 PM Richard Guy Briggs wrote:
> > Add audit container identifier support to ptrace and signals. In
> > particular, the "ref" field provides a way to label the auxiliary record
> > to which it is associated.
> >
> >
On 2019-03-27 23:42, Ondrej Mosnacek wrote:
> On Fri, Mar 15, 2019 at 7:35 PM Richard Guy Briggs wrote:
> > Audit events could happen in a network namespace outside of a task
> > context due to packets received from the net that trigger an auditing
> > rule prior to being associated with a
On Mon, Mar 25, 2019 at 10:50 AM Paul Moore wrote:
> On Thu, Mar 7, 2019 at 7:33 AM Ondrej Mosnacek wrote:
> > This patchset implements auditing of (syscall-triggered) changes that
> > can modify or indirectly affect the system clock. Some of these
> > changes can already be detected by simply
On Fri, Mar 15, 2019 at 7:35 PM Richard Guy Briggs wrote:
> Add audit container identifier auxiliary record(s) to NETFILTER_PKT
> event standalone records. Iterate through all potential audit container
> identifiers associated with a network namespace.
>
> Signed-off-by: Richard Guy Briggs
On Fri, Mar 15, 2019 at 7:35 PM Richard Guy Briggs wrote:
> Audit events could happen in a network namespace outside of a task
> context due to packets received from the net that trigger an auditing
> rule prior to being associated with a running task. The network
> namespace could be in use by
On Wed, Mar 27, 2019 at 11:05 AM Mimi Zohar wrote:
> On Tue, 2019-03-26 at 19:58 -0400, Paul Moore wrote:
> > On Tue, Mar 26, 2019 at 4:40 PM Mimi Zohar wrote:
> > >
> > > Hi Richard, Paul,
> > >
> > > On Tue, 2019-03-26 at 14:49 -0400, Richard Guy Briggs wrote:
> > > > In commit fa516b66a1bf
On 2019-03-27 22:01, Ondrej Mosnacek wrote:
> On Fri, Mar 15, 2019 at 7:34 PM Richard Guy Briggs wrote:
> > Create a new audit record AUDIT_CONTAINER_ID to document the audit
> > container identifier of a process if it is present.
> >
> > Called from audit_log_exit(), syscalls are covered.
> >
>
On 2019-03-27 22:41, Ondrej Mosnacek wrote:
> On Tue, Mar 19, 2019 at 12:47 AM Richard Guy Briggs wrote:
> > On 2019-03-18 21:02, Ondrej Mosnacek wrote:
> > > On Fri, Mar 15, 2019 at 7:35 PM Richard Guy Briggs
> > > wrote:
> > > >
> > > > Implement audit container identifier filtering using the
On Tue, Mar 19, 2019 at 12:47 AM Richard Guy Briggs wrote:
> On 2019-03-18 21:02, Ondrej Mosnacek wrote:
> > On Fri, Mar 15, 2019 at 7:35 PM Richard Guy Briggs wrote:
> > >
> > > Implement audit container identifier filtering using the AUDIT_CONTID
> > > field name to send an 8-character string
On Fri, Mar 15, 2019 at 7:34 PM Richard Guy Briggs wrote:
> Add audit container identifier auxiliary record to user event standalone
> records.
>
> Signed-off-by: Richard Guy Briggs
Reviewed-by: Ondrej Mosnacek
> ---
> kernel/audit.c | 13 ++---
> 1 file changed, 6 insertions(+), 7
On Fri, Mar 15, 2019 at 7:34 PM Richard Guy Briggs wrote:
> Standalone audit records have the timestamp and serial number generated
> on the fly and as such are unique, making them standalone. This new
> function audit_alloc_local() generates a local audit context that will
> be used only for a
On Fri, Mar 15, 2019 at 7:34 PM Richard Guy Briggs wrote:
> Add audit container identifier support to ptrace and signals. In
> particular, the "ref" field provides a way to label the auxiliary record
> to which it is associated.
>
> Signed-off-by: Richard Guy Briggs
> Acked-by: Serge Hallyn
>
On Fri, Mar 15, 2019 at 7:34 PM Richard Guy Briggs wrote:
> Create a new audit record AUDIT_CONTAINER_ID to document the audit
> container identifier of a process if it is present.
>
> Called from audit_log_exit(), syscalls are covered.
>
> A sample raw event:
> type=SYSCALL
On 2019-03-27 21:38, Ondrej Mosnacek wrote:
> On Fri, Mar 15, 2019 at 7:33 PM Richard Guy Briggs wrote:
> > Implement the proc fs write to set the audit container identifier of a
> > process, emitting an AUDIT_CONTAINER_OP record to document the event.
> >
> > This is a write from the container
On Fri, Mar 15, 2019 at 7:33 PM Richard Guy Briggs wrote:
> Implement the proc fs write to set the audit container identifier of a
> process, emitting an AUDIT_CONTAINER_OP record to document the event.
>
> This is a write from the container orchestrator task to a proc entry of
> the form
On Fri, Mar 15, 2019 at 7:33 PM Richard Guy Briggs wrote:
> The audit-related parameters in struct task_struct should ideally be
> collected together and accessed through a standard audit API.
>
> Collect the existing loginuid, sessionid and audit_context together in a
> new struct
On Tue, 2019-03-26 at 19:58 -0400, Paul Moore wrote:
> On Tue, Mar 26, 2019 at 4:40 PM Mimi Zohar wrote:
> >
> > Hi Richard, Paul,
> >
> > On Tue, 2019-03-26 at 14:49 -0400, Richard Guy Briggs wrote:
> > > In commit fa516b66a1bf ("EVM: Allow runtime modification of the set of
> > > verified
17 matches
Mail list logo