Re: [PATCH] audit: optionally print warning after waiting to enqueue record

On Wed, Jun 17, 2020 at 6:54 PM Max Englander wrote: > On Wed, Jun 17, 2020 at 02:47:19PM -0400, Paul Moore wrote: > > On Tue, Jun 16, 2020 at 12:58 AM Max Englander > > wrote: > > > > > > In environments where security is prioritized, users may set > > > --backlog_wait_time to a high value in

Re: [PATCH] audit: optionally print warning after waiting to enqueue record

On Wed, Jun 17, 2020 at 02:47:19PM -0400, Paul Moore wrote: > On Tue, Jun 16, 2020 at 12:58 AM Max Englander > wrote: > > > > In environments where security is prioritized, users may set > > --backlog_wait_time to a high value in order to reduce the likelihood > > that any audit event is lost,

Re: [PATCH 2/2] integrity: Add errno field in audit message

On Wednesday, June 17, 2020 4:44:36 PM EDT Lakshmi Ramasubramanian wrote: > Error code is not included in the audit messages logged by > the integrity subsystem. Add "errno" field in the audit messages > logged by the integrity subsystem and set the value to the error code > passed to

Re: [PATCH ghak90 V8 07/16] audit: add contid support for signalling the audit daemon

On Mon, Jun 8, 2020 at 2:04 PM Richard Guy Briggs wrote: > On 2020-04-22 13:24, Paul Moore wrote: > > On Fri, Apr 17, 2020 at 6:26 PM Eric W. Biederman > > wrote: > > > Paul Moore writes: > > > > On Thu, Apr 16, 2020 at 4:36 PM Eric W. Biederman > > > > wrote: > > > >> Paul Moore writes: >

Re: [PATCH 2/2] integrity: Add errno field in audit message

On Wed, Jun 17, 2020 at 4:44 PM Lakshmi Ramasubramanian wrote: > > Error code is not included in the audit messages logged by > the integrity subsystem. Add "errno" field in the audit messages > logged by the integrity subsystem and set the value to the error code > passed to

[PATCH 1/2] IMA: pass error code in result parameter to integrity_audit_msg()

The value passed in "result" parameter to integrity_audit_msg() is not an error code in some instances. Update these instances so that "result" parameter always contains an error code. Signed-off-by: Lakshmi Ramasubramanian --- security/integrity/ima/ima_appraise.c | 20

[PATCH 2/2] integrity: Add errno field in audit message

Error code is not included in the audit messages logged by the integrity subsystem. Add "errno" field in the audit messages logged by the integrity subsystem and set the value to the error code passed to integrity_audit_msg() in the "result" parameter. Sample audit messages: [6.284329]

[PATCH] IMA: Add audit log for failure conditions

process_buffer_measurement() and ima_alloc_key_entry() functions need to log an audit message for auditing integrity measurement failures. Add audit message in these two functions. Remove "pr_devel" log message in process_buffer_measurement(). Sample audit messages: [6.415374] audit:

Re: [PATCH] audit: Use struct_size() helper in alloc_chunk

On Mon, Jun 1, 2020 at 11:36 AM Paul Moore wrote: > On Sun, May 24, 2020 at 4:47 PM Gustavo A. R. Silva > wrote: > > One of the more common cases of allocation size calculations is finding > > the size of a structure that has a zero-sized array at the end, along > > with memory for some number

Re: [PATCH] audit: optionally print warning after waiting to enqueue record

On Tue, Jun 16, 2020 at 12:58 AM Max Englander wrote: > > In environments where security is prioritized, users may set > --backlog_wait_time to a high value in order to reduce the likelihood > that any audit event is lost, even though doing so may result in > unpredictable performance if the