Re: [PATCH 00/18] xfrm: Add compat layer

2018-07-29 Thread David Miller
From: Dmitry Safonov Date: Sat, 28 Jul 2018 17:26:55 +0100 > Well, I think, I'll rework my patches set according to critics and > separate compat xfrm layer. I've already a selftest to check that 32/64 > bit xfrm works - so the most time-taking part is done. The way you've done the compat

Re: [PATCH v2] rfkill: fix spelling mistake contidion to condition

2018-07-23 Thread David Miller
From: Richard Guy Briggs Date: Mon, 23 Jul 2018 14:47:30 -0400 > This came about while trying to determine if there would be any pattern > match on contid, a new audit container identifier internal variable. > This was the only one. > > Signed-off-by: Richard Guy Briggs As per MAINTAINERS,

Re: [PATCH v3] audit: log 32-bit socketcalls

2017-01-17 Thread David Miller
From: Richard Guy Briggs Date: Tue, 17 Jan 2017 11:07:15 -0500 > 32-bit socketcalls were not being logged by audit on x86_64 systems. > Log them. This is basically a duplicate of the call from > net/socket.c:sys_socketcall(), but it addresses the impedance mismatch > between

Re: [PATCH V2] audit: log 32-bit socketcalls

2017-01-16 Thread David Miller
From: Paul Moore Date: Mon, 16 Jan 2017 15:38:33 -0500 > David, assuming Richard makes your requested changes, any objection if > I merge this via the audit tree instead of the netdev tree? It's a > bit easier for us from a testing perspective this way ... No objection.

Re: [PATCH V2] audit: log 32-bit socketcalls

2017-01-16 Thread David Miller
From: Richard Guy Briggs Date: Fri, 13 Jan 2017 04:51:48 -0500 > diff --git a/include/linux/audit.h b/include/linux/audit.h > index 9d4443f..43d8003 100644 > --- a/include/linux/audit.h > +++ b/include/linux/audit.h > @@ -387,6 +387,18 @@ static inline int audit_socketcall(int

Re: [PATCH] netns: avoid disabling irq for netns id

2016-11-30 Thread David Miller
From: Paul Moore <pmo...@redhat.com> Date: Wed, 30 Nov 2016 15:35:46 -0500 > On Wed, Nov 30, 2016 at 2:58 PM, David Miller <da...@davemloft.net> wrote: >> From: Paul Moore <pmo...@redhat.com> >> Date: Tue, 29 Nov 2016 17:11:29 -0500 >> >>> From: Pau

Re: [PATCH] netns: avoid disabling irq for netns id

2016-11-30 Thread David Miller
From: Paul Moore Date: Tue, 29 Nov 2016 17:11:29 -0500 > From: Paul Moore > > Bring back commit bc51dddf98c9 ("netns: avoid disabling irq for netns > id") now that we've fixed some audit multicast issues that caused > problems with original attempt.

Re: [RFC 0/7] netlink: Add allocation flag to netlink_unicast()

2016-07-06 Thread David Miller
From: Masashi Honma Date: Wed, 6 Jul 2016 09:28:29 +0900 > Though currently such a use case was not found, to solve potential > issue we will add an allocation flag to netlink_unicast(). We don't solve potential issues, we solve real issues. There is no reason to add

Re: [PATCH 2/6] netlink: have netlink per-protocol bind function return an error code.

2014-04-22 Thread David Miller
From: Richard Guy Briggs r...@redhat.com Date: Fri, 18 Apr 2014 13:34:06 -0400 @@ -1449,6 +1453,26 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr, if (!nladdr-nl_groups (nlk-groups == NULL || !(u32)nlk-groups[0])) return 0; + if

Re: [PATCH 0/6][v2] audit: implement multicast socket for journald

2014-04-22 Thread David Miller
From: Richard Guy Briggs r...@redhat.com Date: Tue, 22 Apr 2014 21:31:52 -0400 This is a patch set Eric Paris and I have been working on to add a restricted capability read-only netlink multicast socket to kernel audit to enable userspace clients such as systemd/journald to receive audit logs,

Re: [PATCH 0/6][v2] audit: implement multicast socket for journald

2014-04-22 Thread David Miller
From: Richard Guy Briggs r...@redhat.com Date: Tue, 22 Apr 2014 21:49:29 -0400 On 14/04/22, David Miller wrote: From: Richard Guy Briggs r...@redhat.com Date: Tue, 22 Apr 2014 21:31:52 -0400 This is a patch set Eric Paris and I have been working on to add a restricted capability read

Re: [PATCH 0/3] netlink: per-protocol bind fixup/enhancement set

2014-04-01 Thread David Miller
From: Richard Guy Briggs r...@redhat.com Date: Tue, 1 Apr 2014 10:14:55 -0400 This set provides a way for per-protocol bind functions to signal an error and to be able to clean up after themselves. The first patch has already been accepted, but is included just in case to avoid a merge

Re: [PATCH][v5] netlink: have netlink per-protocol bind function return an error code.

2014-03-26 Thread David Miller
From: Richard Guy Briggs r...@redhat.com Date: Mon, 24 Mar 2014 16:59:23 -0400 + if (err) + if (!nlk-portid) + netlink_remove(sk); + for (int undo =
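Review bot: `for (int undo =` declares the loop counter inside the for initializer, which the kernel's gnu89 build of this period rejects; declare `int undo;` at the top of the function instead. Also, as quoted, `if (err)` has no braces, so it guards only the nested `if (!nlk-portid)` statement and the `for` loop that follows runs whether or not `err` is set. If the loop is the error-path undo, put the whole cleanup inside a braced `if (err) { ... }` block.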

Re: [PATCH][v6] netlink: have netlink per-protocol bind function return an error code.

2014-03-26 Thread David Miller
From: Richard Guy Briggs r...@redhat.com Date: Tue, 25 Mar 2014 08:50:56 -0400 @@ -1441,6 +1445,24 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr, if (!nladdr-nl_groups (nlk-groups == NULL || !(u32)nlk-groups[0])) return 0; + if

Re: [PATCH] netlink: have netlink per-protocol bind function return an error code.

2014-03-23 Thread David Miller
From: Richard Guy Briggs r...@redhat.com Date: Fri, 21 Mar 2014 12:39:11 -0400 @@ -1441,6 +1441,17 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr, if (!nladdr-nl_groups (nlk-groups == NULL || !(u32)nlk-groups[0])) return 0; + if

Re: [RFC][PATCH] audit: Simplify by assuming the callers socket buffer is large enough

2014-03-10 Thread David Miller
From: Eric Paris epa...@redhat.com Date: Fri, 07 Mar 2014 17:52:02 -0500 The second user Eric patched, audit_send_list(), can grow without bound. The number of skb's is going to be the size of the number of audit rules that root loaded. We run the list of rules, generate an skb per rule, and

Re: [RFC][PATCH] audit: Simplify by assuming the callers socket buffer is large enough

2014-03-07 Thread David Miller
From: Eric Paris epa...@redhat.com Date: Fri, 07 Mar 2014 17:52:02 -0500 Audit is non-tolerant to failure and loss. Netlink is not a loss-less transport. -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit

Re: [RFC][PATCH] audit: Simplify by assuming the callers socket buffer is large enough

2014-03-07 Thread David Miller
From: Steve Grubb sgr...@redhat.com Date: Fri, 07 Mar 2014 22:27:28 -0500 On Friday, March 07, 2014 07:48:01 PM David Miller wrote: From: Eric Paris epa...@redhat.com Date: Fri, 07 Mar 2014 17:52:02 -0500 Audit is non-tolerant to failure and loss. Netlink is not a loss-less transport

Re: [RFC][PATCH] audit: Simplify by assuming the callers socket buffer is large enough

2014-03-04 Thread David Miller
From: Andrew Morton a...@linux-foundation.org Date: Tue, 4 Mar 2014 13:30:04 -0800 On Fri, 28 Feb 2014 20:50:19 -0800 ebied...@xmission.com (Eric W. Biederman) wrote: Modify audit_send_reply to directly use a non-blocking send and to return an error on failure (if anyone cares).

Re: [RFC][PATCH] audit: Simplify by assuming the callers socket buffer is large enough

2014-03-04 Thread David Miller
From: ebied...@xmission.com (Eric W. Biederman) Date: Tue, 04 Mar 2014 14:41:16 -0800 If we really want the ability to always append to the queue of skb's is to just have a version of netlink_send_skb that ignores the queued limits. Of course an evil program then could force the generation

Re: [PATCH 2/3] XFRM: RFC4303 compliant auditing

2007-12-21 Thread David Miller
From: Paul Moore [EMAIL PROTECTED] Date: Thu, 20 Dec 2007 16:42:25 -0500 This patch adds a number of new IPsec audit events to meet the auditing requirements of RFC4303. This includes audit hooks for the following events: * Could not find a valid SA [sections 2.1, 3.4.2] .

Re: [PATCH 2/3] XFRM: RFC4303 compliant auditing

2007-12-21 Thread David Miller
From: Paul Moore [EMAIL PROTECTED] Date: Fri, 21 Dec 2007 08:51:22 -0500 Ah, looks like I may not be crazy after all! It looks like the XFRM patches from Masahide NAKAMURA were pulled into net-2.6.25 just before mine last night which caused my patches to conflict ... Sorry. I had double

Re: [PATCH 1/2] XFRM: RFC4303 compliant auditing

2007-12-21 Thread David Miller
From: Paul Moore [EMAIL PROTECTED] Date: Fri, 21 Dec 2007 09:14:55 -0500 This patch adds a number of new IPsec audit events to meet the auditing requirements of RFC4303. This includes audit hooks for the following events: * Could not find a valid SA [sections 2.1, 3.4.2] .

Re: [PATCH] One more XFRM audit fix

2007-12-20 Thread David Miller
From: Paul Moore [EMAIL PROTECTED] Date: Wed, 19 Dec 2007 14:29:31 -0500 The following patch is backed against David's net-2.6 tree and is pretty trivial. I know we're late in the 2.6.24 cycle but I think this is worth merging, if you guys don't feel that way let me know and I'll resubmit it

Re: [PATCH] XFRM: Display the audited SPI value in host byte order

2007-12-12 Thread David Miller
From: Paul Moore [EMAIL PROTECTED] Date: Wed, 12 Dec 2007 14:05:42 -0500 Currently the IPsec protocol SPI values are written to the audit log in network byte order which is different from almost all other values which are recorded in host byte order. This patch corrects this inconsistency by

Re: [PATCH] XFRM: assorted IPsec fixups

2007-12-11 Thread David Miller
From: Eric Paris [EMAIL PROTECTED] Date: Fri, 07 Dec 2007 15:36:08 -0500 On Fri, 2007-12-07 at 12:11 -0500, Paul Moore wrote: This patch fixes a number of small but potentially troublesome things in the XFRM/IPsec code: ... Signed-off-by: Paul Moore [EMAIL PROTECTED] Acked-by: Eric

Re: [PATCH v2] XFRM: assorted IPsec fixups

2007-12-11 Thread David Miller
From: Paul Moore [EMAIL PROTECTED] Date: Tue, 11 Dec 2007 11:30:19 -0500 Sorry for not pointing this out sooner: * Convert 'sid' to 'secid' The 'sid' name is specific to SELinux, 'secid' is the common naming convention used by the kernel when referring to tokenized LSM labels ... diff

Re: [PATCH v2] XFRM: assorted IPsec fixups

2007-12-11 Thread David Miller
From: Paul Moore [EMAIL PROTECTED] Date: Tue, 11 Dec 2007 12:15:00 -0500 I still would like to see the rest of the changes make it into 2.6.25 (the SPI byte order thing is particularly troublesome) so if you don't mind a v3 I'll respin this patch right now to remove the sid - secid bits.

Re: [PATCH]: xfrm audit calls

2007-09-12 Thread David Miller
From: Joy Latten [EMAIL PROTECTED] Date: Tue, 11 Sep 2007 19:03:14 -0500 This patch modifies the current ipsec audit layer by breaking it up into purpose driven audit calls. So far, the only audit calls made are when add/delete an SA/policy. It had been discussed to give each key manager

Re: [PATCH] improved xfrm_audit_log() patch

2007-08-23 Thread David Miller
From: Joy Latten [EMAIL PROTECTED] Date: Thu, 23 Aug 2007 12:15:10 -0500 For example, when auditing the addition of a policy, either xfrm_user_audit_policy_add(xp, result, skb) or pfkey_audit_policy_add(xp, result) will get called. I need two because xfrm_user gets loginuid/secid from

Re: [PATCH] improved xfrm_audit_log() patch

2007-08-22 Thread David Miller
From: David Miller [EMAIL PROTECTED] Date: Tue, 21 Aug 2007 00:24:05 -0700 (PDT) Looks good, applied to net-2.6.24, thanks Joy. Something is still buggered up in this patch, you can't add this local audit_info variable unconditionally to these functions, and alternatively you also can't add

Re: [PATCH] improved xfrm_audit_log() patch

2007-08-21 Thread David Miller
From: Joy Latten [EMAIL PROTECTED] Date: Wed, 15 Aug 2007 11:16:29 -0500 On Tue, 2007-08-07 at 18:32 -0700, David Miller wrote: From: Joy Latten [EMAIL PROTECTED] Date: Thu, 2 Aug 2007 15:56:47 -0500 @@ -426,10 +426,15 @@ struct xfrm_audit }; #ifdef CONFIG_AUDITSYSCALL -extern

Re: [PATCH]: 2nd revision of make xfrm_audit_log more generic

2007-07-25 Thread David Miller
From: Joy Latten [EMAIL PROTECTED] Date: Wed, 25 Jul 2007 14:21:43 -0500 This is 2nd revision of patch to modify xfrm_audit_log() such that it can accommodate auditing other ipsec events besides add/delete of an SA or SPD entry. 2nd revision includes new define for all IPsec events in

Re: [PATCH 1/1] NetLabel: add audit support for configuration changes

2006-09-29 Thread David Miller
From: James Morris [EMAIL PROTECTED] Date: Thu, 28 Sep 2006 15:50:42 -0400 (EDT) +struct audit_buffer *netlbl_audit_start_common(int type, u32 secid) + if (current-mm) { + down_read(current-mm-mmap_sem); + vma = current-mm-mmap; + while (vma) { +

Re: [PATCH 1/1] NetLabel: audit fixups due to delayed feedback

2006-09-29 Thread David Miller
From: Steve Grubb [EMAIL PROTECTED] Date: Fri, 29 Sep 2006 20:00:42 -0400 On Friday 29 September 2006 18:39, [EMAIL PROTECTED] wrote: This should make NetLabel more consistent with other kernel generated audit messages specifying configuration changes. OK, this looks better. We may fine