On Thu, May 20, 2021 at 4:03 AM Christian Brauner
wrote:
> On Wed, May 19, 2021 at 04:00:22PM -0400, Richard Guy Briggs wrote:
> > Since the openat2(2) syscall uses a struct open_how pointer to communicate
> > its parameters they are not usefully recorded by the audit SYSCALL record's
> > four exi
On Thu, May 20, 2021 at 3:58 AM Christian Brauner
wrote:
> On Wed, May 19, 2021 at 04:00:21PM -0400, Richard Guy Briggs wrote:
> > The openat2(2) syscall was added in kernel v5.6 with commit fddb5d430ad9
> > ("open: introduce openat2(2) syscall")
> >
> > Add the openat2(2) syscall to the audit sys
On Sun, May 23, 2021 at 4:26 PM Pavel Begunkov wrote:
> On 5/22/21 3:36 AM, Paul Moore wrote:
> > On Fri, May 21, 2021 at 8:22 PM Pavel Begunkov
> > wrote:
> >> On 5/21/21 10:49 PM, Paul Moore wrote:
> [...]
> >>>
> >>> + if (req->opcode < IORING_OP_LAST)
> >>
> >> always true at this point
Hello Casey,
On Monday, May 24, 2021 11:53:30 AM EDT Casey Schaufler wrote:
> On 5/22/2021 7:00 PM, Steve Grubb wrote:
> > On Friday, May 21, 2021 6:05:41 PM EDT Casey Schaufler wrote:
> The record is produced only in cases where there is more than one
> security module with a process "c
On 5/22/2021 7:00 PM, Steve Grubb wrote:
> On Friday, May 21, 2021 6:05:41 PM EDT Casey Schaufler wrote:
The record is produced only in cases where there is more than one
security module with a process "context".
In cases where this record is produced the subj= fields of
other r
