From: Dmitry Safonov
Date: Sat, 28 Jul 2018 17:26:55 +0100
> Well, I think, I'll rework my patches set according to critics and
> separate compat xfrm layer. I've already a selftest to check that 32/64
> bit xfrm works - so the most time-taking part is done.
The way you've done the compat
From: Richard Guy Briggs
Date: Mon, 23 Jul 2018 14:47:30 -0400
> This came about while trying to determine if there would be any pattern
> match on contid, a new audit container identifier internal variable.
> This was the only one.
>
> Signed-off-by: Richard Guy Briggs
As per MAINTAINERS,
From: Richard Guy Briggs
Date: Tue, 17 Jan 2017 11:07:15 -0500
> 32-bit socketcalls were not being logged by audit on x86_64 systems.
> Log them. This is basically a duplicate of the call from
> net/socket.c:sys_socketcall(), but it addresses the impedance mismatch
> between
From: Paul Moore
Date: Mon, 16 Jan 2017 15:38:33 -0500
> David, assuming Richard makes your requested changes, any objection if
> I merge this via the audit tree instead of the netdev tree? It's a
> bit easier for us from a testing perspective this way ...
No objection.
From: Richard Guy Briggs
Date: Fri, 13 Jan 2017 04:51:48 -0500
> diff --git a/include/linux/audit.h b/include/linux/audit.h
> index 9d4443f..43d8003 100644
> --- a/include/linux/audit.h
> +++ b/include/linux/audit.h
> @@ -387,6 +387,18 @@ static inline int audit_socketcall(int
From: Paul Moore <pmo...@redhat.com>
Date: Wed, 30 Nov 2016 15:35:46 -0500
> On Wed, Nov 30, 2016 at 2:58 PM, David Miller <da...@davemloft.net> wrote:
>> From: Paul Moore <pmo...@redhat.com>
>> Date: Tue, 29 Nov 2016 17:11:29 -0500
>>
>>> From: Pau
From: Paul Moore
Date: Tue, 29 Nov 2016 17:11:29 -0500
> From: Paul Moore
>
> Bring back commit bc51dddf98c9 ("netns: avoid disabling irq for netns
> id") now that we've fixed some audit multicast issues that caused
> problems with original attempt.
From: Masashi Honma
Date: Wed, 6 Jul 2016 09:28:29 +0900
> Though currently such a use case was not found, to solve potential
> issue we will add an allocation flag to netlink_unicast().
We don't solve potential issues, we solve real issues.
There is no reason to add
From: Richard Guy Briggs r...@redhat.com
Date: Fri, 18 Apr 2014 13:34:06 -0400
@@ -1449,6 +1453,26 @@ static int netlink_bind(struct socket *sock, struct
sockaddr *addr,
if (!nladdr-nl_groups (nlk-groups == NULL || !(u32)nlk-groups[0]))
return 0;
+ if
From: Richard Guy Briggs r...@redhat.com
Date: Tue, 22 Apr 2014 21:31:52 -0400
This is a patch set Eric Paris and I have been working on to add a restricted
capability read-only netlink multicast socket to kernel audit to enable
userspace clients such as systemd/journald to receive audit logs,
From: Richard Guy Briggs r...@redhat.com
Date: Tue, 22 Apr 2014 21:49:29 -0400
On 14/04/22, David Miller wrote:
From: Richard Guy Briggs r...@redhat.com
Date: Tue, 22 Apr 2014 21:31:52 -0400
This is a patch set Eric Paris and I have been working on to add a
restricted
capability read
From: Richard Guy Briggs r...@redhat.com
Date: Tue, 1 Apr 2014 10:14:55 -0400
This set provides a way for per-protocol bind functions to signal an error and
to be able to clean up after themselves.
The first patch has already been accepted, but is included just in case to
avoid a merge
From: Richard Guy Briggs r...@redhat.com
Date: Mon, 24 Mar 2014 16:59:23 -0400
+ if (err)
+ if (!nlk-portid)
+ netlink_remove(sk);
+ for (int undo =
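Review bot: the `for (int undo =` line declares the loop counter inside the for-initializer, which the kernel's gnu89 build mode of that period does not accept; declare `int undo;` with the other locals at the top of the function and start the loop with `for (undo = ...`. The stacked `if (err)` / `if (!nlk-portid)` above it has no braces, so it is easy to misread which statements belong to the error path; add braces or fold the two conditions into one test.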
From: Richard Guy Briggs r...@redhat.com
Date: Tue, 25 Mar 2014 08:50:56 -0400
@@ -1441,6 +1445,24 @@ static int netlink_bind(struct socket *sock, struct
sockaddr *addr,
if (!nladdr-nl_groups (nlk-groups == NULL || !(u32)nlk-groups[0]))
return 0;
+ if
From: Richard Guy Briggs r...@redhat.com
Date: Fri, 21 Mar 2014 12:39:11 -0400
@@ -1441,6 +1441,17 @@ static int netlink_bind(struct socket *sock, struct
sockaddr *addr,
if (!nladdr-nl_groups (nlk-groups == NULL || !(u32)nlk-groups[0]))
return 0;
+ if
From: Eric Paris epa...@redhat.com
Date: Fri, 07 Mar 2014 17:52:02 -0500
The second user Eric patched, audit_send_list(), can grow without bound.
The number of skb's is going to be the size of the number of audit rules
that root loaded. We run the list of rules, generate an skb per rule,
and
From: Eric Paris epa...@redhat.com
Date: Fri, 07 Mar 2014 17:52:02 -0500
Audit is non-tolerant to failure and loss.
Netlink is not a loss-less transport.
--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
From: Steve Grubb sgr...@redhat.com
Date: Fri, 07 Mar 2014 22:27:28 -0500
On Friday, March 07, 2014 07:48:01 PM David Miller wrote:
From: Eric Paris epa...@redhat.com
Date: Fri, 07 Mar 2014 17:52:02 -0500
Audit is non-tolerant to failure and loss.
Netlink is not a loss-less transport
From: Andrew Morton a...@linux-foundation.org
Date: Tue, 4 Mar 2014 13:30:04 -0800
On Fri, 28 Feb 2014 20:50:19 -0800 ebied...@xmission.com (Eric W. Biederman)
wrote:
Modify audit_send_reply to directly use a non-blocking send and
to return an error on failure (if anyone cares).
From: ebied...@xmission.com (Eric W. Biederman)
Date: Tue, 04 Mar 2014 14:41:16 -0800
If we really want the ability to always append to the queue of skb's
is to just have a version of netlink_send_skb that ignores the queued
limits. Of course an evil program then could force the generation
From: Paul Moore [EMAIL PROTECTED]
Date: Thu, 20 Dec 2007 16:42:25 -0500
This patch adds a number of new IPsec audit events to meet the auditing
requirements of RFC4303. This includes audit hooks for the following events:
* Could not find a valid SA [sections 2.1, 3.4.2]
.
From: Paul Moore [EMAIL PROTECTED]
Date: Fri, 21 Dec 2007 08:51:22 -0500
Ah, looks like I may not be crazy after all! It looks like the XFRM patches
from Masahide NAKAMURA were pulled into net-2.6.25 just before mine last
night which caused my patches to conflict ...
Sorry. I had double
From: Paul Moore [EMAIL PROTECTED]
Date: Fri, 21 Dec 2007 09:14:55 -0500
This patch adds a number of new IPsec audit events to meet the auditing
requirements of RFC4303. This includes audit hooks for the following events:
* Could not find a valid SA [sections 2.1, 3.4.2]
.
From: Paul Moore [EMAIL PROTECTED]
Date: Wed, 19 Dec 2007 14:29:31 -0500
The following patch is backed against David's net-2.6 tree and is pretty
trivial. I know we're late in the 2.6.24 cycle but I think this is worth
merging, if you guys don't feel that way let me know and I'll resubmit it
From: Paul Moore [EMAIL PROTECTED]
Date: Wed, 12 Dec 2007 14:05:42 -0500
Currently the IPsec protocol SPI values are written to the audit log in
network byte order which is different from almost all other values which
are recorded in host byte order. This patch corrects this inconsistency
by
From: Eric Paris [EMAIL PROTECTED]
Date: Fri, 07 Dec 2007 15:36:08 -0500
On Fri, 2007-12-07 at 12:11 -0500, Paul Moore wrote:
This patch fixes a number of small but potentially troublesome things in the
XFRM/IPsec code:
...
Signed-off-by: Paul Moore [EMAIL PROTECTED]
Acked-by: Eric
From: Paul Moore [EMAIL PROTECTED]
Date: Tue, 11 Dec 2007 11:30:19 -0500
Sorry for not pointing this out sooner:
* Convert 'sid' to 'secid'
The 'sid' name is specific to SELinux, 'secid' is the common naming
convention used by the kernel when referring to tokenized LSM labels
...
diff
From: Paul Moore [EMAIL PROTECTED]
Date: Tue, 11 Dec 2007 12:15:00 -0500
I still would like to see the rest of the changes make it into
2.6.25 (the SPI byte order thing is particularly troublesome) so if
you don't mind a v3 I'll respin this patch right now to remove the
sid -> secid bits.
From: Joy Latten [EMAIL PROTECTED]
Date: Tue, 11 Sep 2007 19:03:14 -0500
This patch modifies the current ipsec audit layer
by breaking it up into purpose driven audit calls.
So far, the only audit calls made are when add/delete
an SA/policy. It had been discussed to give each
key manager
From: Joy Latten [EMAIL PROTECTED]
Date: Thu, 23 Aug 2007 12:15:10 -0500
For example, when auditing the addition of a policy, either
xfrm_user_audit_policy_add(xp, result, skb) or
pfkey_audit_policy_add(xp, result) will get called.
I need two because xfrm_user gets loginuid/secid from
From: David Miller [EMAIL PROTECTED]
Date: Tue, 21 Aug 2007 00:24:05 -0700 (PDT)
Looks good, applied to net-2.6.24, thanks Joy.
Something is still buggered up in this patch, you can't add this local
audit_info variable unconditionally to these functions, and
alternatively you also can't add
From: Joy Latten [EMAIL PROTECTED]
Date: Wed, 15 Aug 2007 11:16:29 -0500
On Tue, 2007-08-07 at 18:32 -0700, David Miller wrote:
From: Joy Latten [EMAIL PROTECTED]
Date: Thu, 2 Aug 2007 15:56:47 -0500
@@ -426,10 +426,15 @@ struct xfrm_audit
};
#ifdef CONFIG_AUDITSYSCALL
-extern
From: Joy Latten [EMAIL PROTECTED]
Date: Wed, 25 Jul 2007 14:21:43 -0500
This is 2nd revision of patch to modify xfrm_audit_log() such
that it can accommodate auditing other ipsec events
besides add/delete of an SA or SPD entry.
2nd revision includes new define for all IPsec
events in
From: James Morris [EMAIL PROTECTED]
Date: Thu, 28 Sep 2006 15:50:42 -0400 (EDT)
+struct audit_buffer *netlbl_audit_start_common(int type, u32 secid)
+ if (current-mm) {
+ down_read(current-mm-mmap_sem);
+ vma = current-mm-mmap;
+ while (vma) {
+
From: Steve Grubb [EMAIL PROTECTED]
Date: Fri, 29 Sep 2006 20:00:42 -0400
On Friday 29 September 2006 18:39, [EMAIL PROTECTED] wrote:
This should make NetLabel more consistent with other kernel
generated audit messages specifying configuration changes.
OK, this looks better. We may fine