On Thu, Jun 4, 2020 at 9:21 AM Richard Guy Briggs wrote:
>
> iptables, ip6tables, arptables and ebtables table registration,
> replacement and unregistration configuration events are logged for the
> native (legacy) iptables setsockopt api, but not for the
> nftables netlink api which is used by t
On Thu, Jun 18, 2020 at 8:30 PM Richard Guy Briggs wrote:
> On 2020-06-18 23:48, Max Englander wrote:
> > In case you’re any more receptive to the idea, I thought I’d mention
> > that the need this patch addresses would be just as well fulfilled if
> > wait times were reported in the audit status
On Thu, Jun 18, 2020 at 5:10 PM Lakshmi Ramasubramanian
wrote:
>
> Error code is not included in the audit messages logged by
> the integrity subsystem.
>
> Define a new function integrity_audit_message() that takes error code
> in the "errno" parameter. Add "errno" field in the audit messages log
On Thu, 2020-06-18 at 14:10 -0700, Lakshmi Ramasubramanian wrote:
> process_buffer_measurement() and ima_alloc_key_entry() functions need to
> log an audit message for auditing integrity measurement failures.
>
> Add audit message in these two functions. Remove "pr_devel" log message
> in process_
