Re: [RFC PATCH] audit: reduce the number of kauditd_thread wakeups

2021-06-07 Thread Paul Moore
On Mon, Jun 7, 2021 at 2:40 PM Richard Guy Briggs wrote: > On 2021-06-05 23:23, Paul Moore wrote: > > [NOTE: As this is an RFC patch, I wanted to add some commentary at > > the top of the patch description explaining where this patch came > > from and what testing has been done. This patch is a

Re: [PATCH 1/2] audit: add filtering for io_uring records, addendum

2021-06-07 Thread Paul Moore
On Mon, May 31, 2021 at 9:45 AM Richard Guy Briggs wrote: > > The commit ("audit: add filtering for io_uring records") added support for > filtering io_uring operations. > > Add checks to the audit io_uring filtering code for directory and path > watches, > and to keep the list counts consistent.

Re: Unhelpful events

2021-06-07 Thread Richard Guy Briggs
On 2021-06-07 14:38, Steve Grubb wrote: > On Monday, June 7, 2021 1:42:49 PM EDT Richard Guy Briggs wrote: > > On 2021-06-07 11:32, Steve Grubb wrote: > > > Hello, > > > > > > While patching up the event normalizer, I run across these events which > > > really have no useful information: > > > >

Re: [RFC PATCH] audit: reduce the number of kauditd_thread wakeups

2021-06-07 Thread Richard Guy Briggs
On 2021-06-05 23:23, Paul Moore wrote: > [NOTE: As this is an RFC patch, I wanted to add some commentary at > the top of the patch description explaining where this patch came > from and what testing has been done. This patch is a derivative > of another unreleased patch that removed all of the

Re: Unhelpful events

2021-06-07 Thread Steve Grubb
On Monday, June 7, 2021 1:42:49 PM EDT Richard Guy Briggs wrote: > On 2021-06-07 11:32, Steve Grubb wrote: > > Hello, > > > > While patching up the event normalizer, I run across these events which > > really have no useful information: > > > > type=BPF msg=audit(1622913714.840:15017): prog-id=13

Re: [PATCH] audit: Rename enum audit_state constants to avoid AUDIT_DISABLED redefinition

2021-06-07 Thread Paul Moore
On Mon, Jun 7, 2021 at 1:51 PM Richard Guy Briggs wrote: > On 2021-06-07 13:07, Paul Moore wrote: > > On Mon, Jun 7, 2021 at 5:58 AM Sergey Nazarov wrote: > > > Hi, Paul! > > > I think this could be easier. It's enough to rename AUDIT_DISABLE only. > > > enum audit_state deals with per-task syscal

Re: Current problematic cases with immutable loginuid

2021-06-07 Thread Richard Guy Briggs
On 2021-06-07 12:09, Andreas Hasenack wrote: > Hi, > > I was reading up on setting loginuid immutable, and was wondering what > are the current known problematic cases. > > In general, anything that requires switching a set loginuid to another > value will be blocked: > - sshd started on another

Re: [PATCH] audit: Rename enum audit_state constants to avoid AUDIT_DISABLED redefinition

2021-06-07 Thread Richard Guy Briggs
On 2021-06-07 13:07, Paul Moore wrote: > On Mon, Jun 7, 2021 at 5:58 AM Sergey Nazarov wrote: > > Hi, Paul! > > I think this could be easier. It's enough to rename AUDIT_DISABLE only. > > enum audit_state deals with per-task syscalls audit context, so we can > > use AUDIT_CONTEXT_DISABLED for examp

Re: Unhelpful events

2021-06-07 Thread Richard Guy Briggs
On 2021-06-07 11:32, Steve Grubb wrote: > Hello, > > While patching up the event normalizer, I run across these events which > really have no useful information: > > type=BPF msg=audit(1622913714.840:15017): prog-id=137 op=UNLOAD > > type=TIME_INJOFFSET msg=audit(1622547739.500:4): sec=0 nsec=4

Re: [PATCH] audit: Rename enum audit_state constants to avoid AUDIT_DISABLED redefinition

2021-06-07 Thread Paul Moore
On Mon, Jun 7, 2021 at 5:58 AM Sergey Nazarov wrote: > Hi, Paul! > I think this could be easier. It's enough to rename AUDIT_DISABLE only. > enum audit_state deals with per-task syscalls audit context, so we can > use AUDIT_CONTEXT_DISABLED for example. If it's okay, I can send a new > patch versio

Unhelpful events

2021-06-07 Thread Steve Grubb
Hello, While patching up the event normalizer, I run across these events which really have no useful information: type=BPF msg=audit(1622913714.840:15017): prog-id=137 op=UNLOAD type=TIME_INJOFFSET msg=audit(1622547739.500:4): sec=0 nsec=486383948 type=NETFILTER_CFG msg=audit(06/06/2021 08:44:

Current problematic cases with immutable loginuid

2021-06-07 Thread Andreas Hasenack
Hi, I was reading up on setting loginuid immutable, and was wondering what are the current known problematic cases. In general, anything that requires switching a set loginuid to another value will be blocked: - sshd started on another port by the logged in user to debug something, and that debug

Re: [PATCH] audit: Rename enum audit_state constants to avoid AUDIT_DISABLED redefinition

2021-06-07 Thread Sergey Nazarov
Hi, Paul! I think this could be easier. It's enough to rename AUDIT_DISABLE only. enum audit_state deals with per-task syscalls audit context, so we can use AUDIT_CONTEXT_DISABLED for example. If it's okay, I can send a new patch version. On Sat, 05/06/2021 at 22:40 -0400, Paul Moore wrote: > On Fri,