Re: [PATCH v2] audit: report audit wait metric in audit status reply

2020-07-03 Thread Max Englander
On Fri, Jul 03, 2020 at 05:29:49PM -0400, Richard Guy Briggs wrote: > On 2020-07-02 16:42, Paul Moore wrote: > > On Wed, Jul 1, 2020 at 5:32 PM Max Englander > > wrote: > > > > > > In environments where the preservation of audit events and predictable > > > usage of system memory are

Re: [PATCH v2] audit: report audit wait metric in audit status reply

2020-07-03 Thread Max Englander
On Thu, Jul 02, 2020 at 04:42:13PM -0400, Paul Moore wrote: > On Wed, Jul 1, 2020 at 5:32 PM Max Englander wrote: > > > > In environments where the preservation of audit events and predictable > > usage of system memory are prioritized, admins may use a combination of > > --backlog_wait_time and

[PATCH ghak84 v3] audit: purge audit_log_string from the intra-kernel audit API

2020-07-03 Thread Richard Guy Briggs
audit_log_string() was intended to be an internal audit function and since there are only two internal uses, remove them. Purge all external uses of it by restructuring code to use an existing audit_log_format() or using audit_log_format(). Please see the upstream issue

Re: [PATCH v2] audit: report audit wait metric in audit status reply

2020-07-03 Thread Richard Guy Briggs
On 2020-07-02 16:42, Paul Moore wrote: > On Wed, Jul 1, 2020 at 5:32 PM Max Englander wrote: > > > > In environments where the preservation of audit events and predictable > > usage of system memory are prioritized, admins may use a combination of > > --backlog_wait_time and -b options at the

Re: [PATCH] audit: use the proper gfp flags in the audit_log_nfcfg() calls

2020-07-03 Thread Richard Guy Briggs
On 2020-07-03 09:36, Paul Moore wrote: > Commit 142240398e50 ("audit: add gfp parameter to audit_log_nfcfg") > incorrectly passed gfp flags to audit_log_nfcfg() which were not > consistent with the calling function, this commit fixes that. > > Fixes: 142240398e50 ("audit: add gfp parameter to

[PATCH ghak122 v1] audit: store event sockaddr in case of no rules

2020-07-03 Thread Richard Guy Briggs
When there are no rules present, the event SOCKADDR record is not generated due to audit_dummy_context() generated at syscall entry from audit_n_rules. Store this information if there is a context present to store it so that mandatory events are more complete (startup, LSMs...). Please see the

[PATCH ghak84 v2] audit: purge audit_log_string from the intra-kernel audit API

2020-07-03 Thread Richard Guy Briggs
audit_log_string() was intended to be an internal audit function and since there are only two internal uses, remove them. Purge all external uses of it by restructuring code to use an existing audit_log_format() or using audit_log_format(). Please see the upstream issue

[PATCH ghak96 v3] audit: issue CWD record to accompany LSM_AUDIT_DATA_* records

2020-07-03 Thread Richard Guy Briggs
The LSM_AUDIT_DATA_* records for PATH, FILE, IOCTL_OP, DENTRY and INODE are incomplete without the task context of the AUDIT Current Working Directory record. Add it. This record addition can't use audit_dummy_context to determine whether or not to store the record information since the

Re: [PATCH ghak124 v3fix] audit: add gfp parameter to audit_log_nfcfg

2020-07-03 Thread Jones Desougi
Doesn't seem entirely consistent now either though. Two cases below. /Jones On Sun, Jun 28, 2020 at 5:27 AM Richard Guy Briggs wrote: > > Fixed an inconsistent use of GFP flags in nft_obj_notify() that used > GFP_KERNEL when a GFP flag was passed in to that function. Given this > allocated

Re: [PATCH ghak124 v3fix] audit: add gfp parameter to audit_log_nfcfg

2020-07-03 Thread Paul Moore
On Fri, Jul 3, 2020 at 8:41 AM Jones Desougi wrote: > > Doesn't seem entirely consistent now either though. Two cases below. Yes, you're right, that patch was incorrect; thanks for catching that. I just posted a fix (lore link below) that fixes the two problems you pointed out as well as

[PATCH] audit: use the proper gfp flags in the audit_log_nfcfg() calls

2020-07-03 Thread Paul Moore
Commit 142240398e50 ("audit: add gfp parameter to audit_log_nfcfg") incorrectly passed gfp flags to audit_log_nfcfg() which were not consistent with the calling function, this commit fixes that. Fixes: 142240398e50 ("audit: add gfp parameter to audit_log_nfcfg") Reported-by: Jones Desougi