[PATCH] audit: allow logging of user events in non-initial namespace.

Audit subsystem was disabled in total for user namespaces other than the initial namespace. If audit is enabled by kernel command line or audtid in initial namespace, it is now possible to allow at least logging of userspace applications inside of non-initial namespaces if CAP_AUDIT_WRITE in the c

Re: [PATCH V1] audit: log xattr args not covered by syscall record

On 5/7/2021 6:54 PM, Richard Guy Briggs wrote: > On 2021-05-07 14:03, Casey Schaufler wrote: >> On 5/7/2021 12:55 PM, Richard Guy Briggs wrote: >>> The *setxattr syscalls take 5 arguments. The SYSCALL record only lists >>> four arguments and only lists pointers of string values. The xattr name >>

Re: [PATCH v2 3/3] audit: Use syscall_get_return_value to get syscall return code in audit_syscall_exit

On Fri, Apr 23, 2021 at 6:36 AM He Zhe wrote: > > regs_return_value for some architectures like arm64 simply retrieve > register value from pt_regs without sign extension in 32-bit compatible > case and cause audit to have false syscall return code. For example, > 32-bit -13 would be treated as 42

Re: [PATCH] audit: add blank line after variable declarations

On Wed, May 5, 2021 at 12:20 PM Roni Nevalainen wrote: > > Fix the following checkpatch warning in auditsc.c: > > WARNING: Missing a blank line after declarations > > Signed-off-by: Roni Nevalainen > --- > kernel/auditsc.c | 21 + > 1 file changed, 21 insertions(+) Merged in

Re: [PATCH] audit: allow logging of user events in non-initial namespace.

On Sun, May 9, 2021 at 2:33 PM Michael Weiß wrote: > > Audit subsystem was disabled in total for user namespaces other than > the initial namespace. > > If audit is enabled by kernel command line or audtid in initial namespace, > it is now possible to allow at least logging of userspace applicatio

Re: [PATCH V1] audit: log xattr args not covered by syscall record

On Mon, May 10, 2021 at 12:30 PM Casey Schaufler wrote: > On 5/7/2021 6:54 PM, Richard Guy Briggs wrote: > > On 2021-05-07 14:03, Casey Schaufler wrote: > >> On 5/7/2021 12:55 PM, Richard Guy Briggs wrote: > >>> The *setxattr syscalls take 5 arguments. The SYSCALL record only lists > >>> four arg

Re: [PATCH V1] audit: log xattr args not covered by syscall record

On 5/10/2021 4:52 PM, Paul Moore wrote: > On Mon, May 10, 2021 at 12:30 PM Casey Schaufler > wrote: >> On 5/7/2021 6:54 PM, Richard Guy Briggs wrote: >>> On 2021-05-07 14:03, Casey Schaufler wrote: On 5/7/2021 12:55 PM, Richard Guy Briggs wrote: > The *setxattr syscalls take 5 arguments.

Re: [PATCH v3 1/3] audit: replace magic audit syscall class numbers with macros

On Fri, Apr 30, 2021 at 4:36 PM Richard Guy Briggs wrote: > > Replace audit syscall class magic numbers with macros. > > This required putting the macros into new header file > include/linux/auditscm.h since the syscall macros were included for both 64 > bit and 32 bit in any compat code, causing

Re: [PATCH V1] audit: log xattr args not covered by syscall record

On Mon, May 10, 2021 at 8:37 PM Casey Schaufler wrote: > On 5/10/2021 4:52 PM, Paul Moore wrote: > > On Mon, May 10, 2021 at 12:30 PM Casey Schaufler > > wrote: > >> On 5/7/2021 6:54 PM, Richard Guy Briggs wrote: > >>> On 2021-05-07 14:03, Casey Schaufler wrote: > On 5/7/2021 12:55 PM, Rich