[PATCH audit-next 2/2] Audit: make audit netlink socket net namespace unaware

2014-01-09 Thread Gao feng
per-netns audit kernel side socket(audit_sock), it's pain to depend on and get reference of netns for auditns. Signed-off-by: Gao feng gaof...@cn.fujitsu.com --- kernel/audit.c | 6 ++ 1 file changed, 6 insertions(+) diff --git a/kernel/audit.c b/kernel/audit.c index b62153a..2ac6212 100644

[PATCH audit-next 1/2] audit: revert commit listen in all network namespaces

2014-01-09 Thread Gao feng
things easy and we needn't consider the complicated cases. Signed-off-by: Gao feng gaof...@cn.fujitsu.com --- kernel/audit.c | 61 ++ kernel/audit.h | 4 2 files changed, 10 insertions(+), 55 deletions(-) diff --git a/kernel/audit.c b

Re: [PATCH 1/2] audit: print error message when fail to create audit socket

2014-01-07 Thread Gao feng
On 01/08/2014 08:53 AM, Andrew Morton wrote: On Tue, 17 Dec 2013 11:10:41 +0800 Gao feng gaof...@cn.fujitsu.com wrote: print the error message and then return -ENOMEM. ... --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1083,12 +1083,11 @@ static int __net_init audit_net_init(struct net

Re: [RFC Part1 PATCH 00/20 v2] Add namespace support for audit

2013-12-24 Thread Gao feng
On 12/21/2013 05:15 AM, Serge E. Hallyn wrote: Quoting Gao feng (gaof...@cn.fujitsu.com): On 12/11/2013 04:36 AM, Serge E. Hallyn wrote: Quoting Eric Paris (epa...@redhat.com): On Tue, 2013-12-10 at 10:51 -0600, Serge Hallyn wrote: Quoting Gao feng (gaof...@cn.fujitsu.com): On 12/10/2013 02

Re: [PATCH] audit: listen in all network namespaces

2013-12-19 Thread Gao feng
On 12/20/2013 02:40 AM, Eric Paris wrote: On Thu, 2013-12-19 at 11:59 +0800, Gao feng wrote: On 07/17/2013 04:32 AM, Richard Guy Briggs wrote: Convert audit from only listening in init_net to use register_pernet_subsys() to dynamically manage the netlink socket list. Signed-off-by: Richard

Re: [PATCH] audit: fix build error when disable audit

2013-12-19 Thread Gao feng
On 12/20/2013 09:19 AM, Richard Guy Briggs wrote: On 13/12/19, Gao feng wrote: On 12/19/2013 10:34 AM, Gao feng wrote: kernel/capability.c: In function ‘SYSC_capset’: kernel/capability.c:280:2: warning: passing argument 1 of ‘audit_log_capset’ makes integer from pointer without a cast

Re: [PATCH] audit: fix build error when disable audit

2013-12-19 Thread Gao feng
On 12/20/2013 09:40 AM, Richard Guy Briggs wrote: On 13/12/20, Gao feng wrote: On 12/20/2013 09:19 AM, Richard Guy Briggs wrote: On 13/12/19, Gao feng wrote: On 12/19/2013 10:34 AM, Gao feng wrote: kernel/capability.c: In function ‘SYSC_capset’: kernel/capability.c:280:2: warning: passing

Re: [PATCH] audit: listen in all network namespaces

2013-12-19 Thread Gao feng
On 12/20/2013 02:40 AM, Eric Paris wrote: On Thu, 2013-12-19 at 11:59 +0800, Gao feng wrote: On 07/17/2013 04:32 AM, Richard Guy Briggs wrote: Convert audit from only listening in init_net to use register_pernet_subsys() to dynamically manage the netlink socket list. Signed-off-by: Richard

Re: [PATCH] audit: listen in all network namespaces

2013-12-19 Thread Gao feng
On 12/20/2013 11:11 AM, Eric Paris wrote: On Fri, 2013-12-20 at 10:46 +0800, Gao feng wrote: On 12/20/2013 02:40 AM, Eric Paris wrote: On Thu, 2013-12-19 at 11:59 +0800, Gao feng wrote: On 07/17/2013 04:32 AM, Richard Guy Briggs wrote: we have to store audit_sock into auditns(auditns

Re: [PATCH] audit: fix build error when disable audit

2013-12-18 Thread Gao feng
On 12/19/2013 10:34 AM, Gao feng wrote: kernel/capability.c: In function ‘SYSC_capset’: kernel/capability.c:280:2: warning: passing argument 1 of ‘audit_log_capset’ makes integer from pointer without a cast [enabled by default] audit_log_capset(new, current_cred()); ^ In file included

[PATCH] audit: fix build error when disable audit

2013-12-18 Thread Gao feng
()); ^ In file included from kernel/capability.c:10:0: include/linux/audit.h:400:20: note: declared here static inline void audit_log_capset(pid_t pid, const struct cred *new, ^ make[1]: *** [kernel/capability.o] Error 1 Signed-off-by: Gao feng gaof...@cn.fujitsu.com --- include

Re: [PATCH] audit: listen in all network namespaces

2013-12-18 Thread Gao feng
, and no matter which netns the user space audit netlink sockets belong to, they all can find out and communicate with audit_sock. This gets rid of the necessary to create per-netns audit kernel side socket(audit_sock), it's pain to depend on and get reference of netns for auditns. Signed-off-by: Gao

[PATCH 1/2] audit: print error message when fail to create audit socket

2013-12-16 Thread Gao feng
print the error message and then return -ENOMEM. Signed-off-by: Gao feng gaof...@cn.fujitsu.com --- kernel/audit.c | 9 - 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/kernel/audit.c b/kernel/audit.c index 2a0ed0b..041b951 100644 --- a/kernel/audit.c +++ b/kernel/audit.c

[PATCH 2/2] audit: fix incorrect set of audit_sock

2013-12-16 Thread Gao feng
be released anytime, so the audit_sock may point to invalid socket. this patch sets the audit_sock to the kernel side audit netlink socket. Signed-off-by: Gao feng gaof...@cn.fujitsu.com --- kernel/audit.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/audit.c b/kernel

Re: [RFC Part1 PATCH 00/20 v2] Add namespace support for audit

2013-12-15 Thread Gao feng
On 12/11/2013 04:36 AM, Serge E. Hallyn wrote: Quoting Eric Paris (epa...@redhat.com): On Tue, 2013-12-10 at 10:51 -0600, Serge Hallyn wrote: Quoting Gao feng (gaof...@cn.fujitsu.com): On 12/10/2013 02:26 AM, Serge Hallyn wrote: Quoting Gao feng (gaof...@cn.fujitsu.com): On 12/07/2013 06:12

Re: [RFC Part1 PATCH 00/20 v2] Add namespace support for audit

2013-12-10 Thread Gao feng
On 12/10/2013 02:26 AM, Serge Hallyn wrote: Quoting Gao feng (gaof...@cn.fujitsu.com): On 12/07/2013 06:12 AM, Serge E. Hallyn wrote: Quoting Gao feng (gaof...@cn.fujitsu.com): Hi On 10/24/2013 03:31 PM, Gao feng wrote: Here is the v1 patchset: http://lwn.net/Articles/549546/ The main

Re: [PATCH 18/20] audit: add new message type AUDIT_CREATE_NS

2013-12-09 Thread Gao feng
On 12/10/2013 01:53 AM, Serge Hallyn wrote: Quoting Gao feng (gaof...@cn.fujitsu.com): On 12/07/2013 06:10 AM, Serge E. Hallyn wrote: Quoting Gao feng (gaof...@cn.fujitsu.com): Since there is no more place for flags of clone system call. we need to find a way to create audit namespace

Re: [PATCH 16/20] audit: allow GET, SET, USER MSG operations in audit namespace

2013-12-08 Thread Gao feng
On 12/07/2013 06:00 AM, Serge E. Hallyn wrote: Quoting Gao feng (gaof...@cn.fujitsu.com): 1, remove the permission check of pid namespace. it's no reason to deny un-init pid namespace to operate audit subsystem. 2, only allow init user namespace and init audit namespace to operate list

Re: [PATCH 18/20] audit: add new message type AUDIT_CREATE_NS

2013-12-08 Thread Gao feng
On 12/07/2013 06:10 AM, Serge E. Hallyn wrote: Quoting Gao feng (gaof...@cn.fujitsu.com): Since there is no more place for flags of clone system call. we need to find a way to create audit namespace. this patch add a new type of message AUDIT_CREATE_NS. user space can create new audit

Re: [RFC Part1 PATCH 00/20 v2] Add namespace support for audit

2013-12-08 Thread Gao feng
On 12/07/2013 06:12 AM, Serge E. Hallyn wrote: Quoting Gao feng (gaof...@cn.fujitsu.com): Hi On 10/24/2013 03:31 PM, Gao feng wrote: Here is the v1 patchset: http://lwn.net/Articles/549546/ The main target of this patchset is allowing user in audit namespace to generate the USER_MSG type

Re: [RFC Part1 PATCH 00/20 v2] Add namespace support for audit

2013-12-08 Thread Gao feng
Hi Serge, Thanks for your comments! On 12/07/2013 05:31 AM, Serge E. Hallyn wrote: Quoting Gao feng (gaof...@cn.fujitsu.com): Here is the v1 patchset: http://lwn.net/Articles/549546/ The main target of this patchset is allowing user in audit namespace to generate the USER_MSG type of audit

Re: [RFC Part1 PATCH 00/20 v2] Add namespace support for audit

2013-12-04 Thread Gao feng
Hi On 10/24/2013 03:31 PM, Gao feng wrote: Here is the v1 patchset: http://lwn.net/Articles/549546/ The main target of this patchset is allowing user in audit namespace to generate the USER_MSG type of audit message, some userspace tools need to generate audit message, or these tools

Re: [RFC Part1 PATCH 00/20 v2] Add namespace support for audit

2013-11-21 Thread Gao feng
On 11/06/2013 03:14 AM, Richard Guy Briggs wrote: On Tue, Nov 05, 2013 at 04:56:55PM +0800, Gao feng wrote: On 11/05/2013 04:11 PM, Li Zefan wrote: On 2013/11/5 15:52, Gao feng wrote: On 11/05/2013 03:51 PM, Gao feng wrote: Ping... I want to catch up the merge window.. Even if your

Re: [RFC Part1 PATCH 00/20 v2] Add namespace support for audit

2013-11-11 Thread Gao feng
On 11/06/2013 03:14 AM, Richard Guy Briggs wrote: On Tue, Nov 05, 2013 at 04:56:55PM +0800, Gao feng wrote: On 11/05/2013 04:11 PM, Li Zefan wrote: On 2013/11/5 15:52, Gao feng wrote: On 11/05/2013 03:51 PM, Gao feng wrote: Ping... I want to catch up the merge window.. Even if your

Re: [RFC Part1 PATCH 00/20 v2] Add namespace support for audit

2013-11-06 Thread Gao feng
On 11/05/2013 03:51 PM, Gao feng wrote: Ping... I want to catch up the merge window.. On 10/31/2013 11:52 AM, Gao feng wrote: Hi Eric Paris, Can you give me some comments? You think the tying audit namespace to user namespace is a bad idea, so this patchset doesn't assign auditns

Re: [RFC Part1 PATCH 00/20 v2] Add namespace support for audit

2013-11-06 Thread Gao feng
Ping... On 10/31/2013 11:52 AM, Gao feng wrote: Hi Eric Paris, Can you give me some comments? You think the tying audit namespace to user namespace is a bad idea, so this patchset doesn't assign auditns to userns and introduce an new audit netlink type to help to create audit namespace

Re: [RFC Part1 PATCH 00/20 v2] Add namespace support for audit

2013-11-06 Thread Gao feng
On 11/05/2013 04:11 PM, Li Zefan wrote: On 2013/11/5 15:52, Gao feng wrote: On 11/05/2013 03:51 PM, Gao feng wrote: Ping... I want to catch up the merge window.. Even if your patches are accepted by a certain maintainer immediately, he will in no doubt queue them for 3.14. Yes, you

Re: [PATCH 5/5] audit: change the type of oldloginuid from kuid_t to unsigned long

2013-11-02 Thread Gao feng
On 11/02/2013 01:00 PM, Richard Guy Briggs wrote: On Fri, Nov 01, 2013 at 07:34:46PM +0800, Gao feng wrote: The type of oldloginuid should be unsigned long. Can you say why unsigned long rather than int returned from audit_get_sessionid() or unsigned int expected by audit_log_set_loginuid

[PATCH v2] audit: fix incorrect type of sessionid

2013-11-02 Thread Gao feng
The type of task-sessionid is unsigned int, the return type of audit_get_sessionid should be consistent with it. And this patch also changes the type of oldsessionid to unsigned int. Signed-off-by: Gao feng gaof...@cn.fujitsu.com --- include/linux/audit.h | 4 ++-- kernel/auditsc.c | 3

[PATCH 1/5] audit: fix incorrect order of log new and old feature

2013-11-01 Thread Gao feng
The order of new feature and old feature is incorrect, this patch fix it. Acked-by: Eric Paris epa...@redhat.com Signed-off-by: Gao feng gaof...@cn.fujitsu.com --- kernel/audit.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/audit.c b/kernel/audit.c index 7c7c028

[PATCH 2/5] audit: don't generate audit feature changed log when audit disabled

2013-11-01 Thread Gao feng
If audit is disabled, we shouldn't generate the audit log. Acked-by: Eric Paris epa...@redhat.com Signed-off-by: Gao feng gaof...@cn.fujitsu.com --- kernel/audit.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kernel/audit.c b/kernel/audit.c index f16f835..c307786 100644 --- a/kernel

[PATCH 4/5] audit: don't generate loginuid log when audit disabled

2013-11-01 Thread Gao feng
If audit is disabled, we shouldn't generate loginuid audit log. Acked-by: Eric Paris epa...@redhat.com Signed-off-by: Gao feng gaof...@cn.fujitsu.com --- kernel/auditsc.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 065c7a1..ceb396f 100644

[PATCH 5/5] audit: change the type of oldloginuid from kuid_t to unsigned long

2013-11-01 Thread Gao feng
The type of oldloginuid should be unsigned long. Signed-off-by: Gao feng gaof...@cn.fujitsu.com --- kernel/auditsc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index ceb396f..9f871ad 100644 --- a/kernel/auditsc.c +++ b/kernel

[PATCH 1/3] audit: fix incorrect order of log new and old feature

2013-10-31 Thread Gao feng
Signed-off-by: Gao feng gaof...@cn.fujitsu.com --- kernel/audit.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/audit.c b/kernel/audit.c index 7c7c028..f16f835 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -664,7 +664,7 @@ static void audit_log_feature_change

[PATCH] audit: don't generate loginuid log when audit disabled

2013-10-31 Thread Gao feng
Signed-off-by: Gao feng gaof...@cn.fujitsu.com --- kernel/auditsc.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 065c7a1..92d0e92 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1990,6 +1990,9 @@ static void audit_log_set_loginuid

Re: [RFC Part1 PATCH 00/20 v2] Add namespace support for audit

2013-10-31 Thread Gao feng
of net namespaces have ability to send/ receive audit netlink message. I may miss some points, if you find there are some shortage or loophole, please let me know. Thanks! On 10/24/2013 03:31 PM, Gao feng wrote: Here is the v1 patchset: http://lwn.net/Articles/549546/ The main target

Re: [PATCH 1/3] audit: fix incorrect order of log new and old feature

2013-10-31 Thread Gao feng
Hi Eric Richard, On 10/31/2013 11:49 PM, Eric Paris wrote: On Thu, 2013-10-31 at 11:39 -0400, Richard Guy Briggs wrote: On Thu, Oct 31, 2013 at 04:27:56PM +0800, Gao feng wrote: Signed-off-by: Gao feng gaof...@cn.fujitsu.com Gao, Could you provide some description, justification

Re: [PATCH] audit: don't generate loginuid log when audit disabled

2013-10-31 Thread Gao feng
On 10/31/2013 10:50 PM, Steve Grubb wrote: On Thursday, October 31, 2013 04:52:22 PM Gao feng wrote: Signed-off-by: Gao feng gaof...@cn.fujitsu.com --- kernel/auditsc.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 065c7a1..92d0e92 100644

[PATCH 12/20] audit: use proper audit_namespace in kauditd_thread

2013-10-24 Thread Gao feng
Signed-off-by: Gao feng gaof...@cn.fujitsu.com --- kernel/audit.c | 34 +- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/kernel/audit.c b/kernel/audit.c index 5524deb..b203017 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -338,11 +338,11

[RFC Part1 PATCH 00/20 v2] Add namespace support for audit

2013-10-24 Thread Gao feng
now in order to get more comments, so I can keep on improving namespace support for audit. Gao feng (20): Audit: make audit netlink socket net namespace unaware audit: introduce configure option CONFIG_AUDIT_NS audit: make audit_skb_queue per audit namespace audit: make

[PATCH 04/20] audit: make audit_skb_hold_queue per audit namespace

2013-10-24 Thread Gao feng
This patch makes audit_skb_hold_queue per audit namespace. Signed-off-by: Gao feng gaof...@cn.fujitsu.com --- include/linux/audit_namespace.h | 3 +++ kernel/audit.c | 12 +--- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/include/linux

[PATCH 14/20] audit: pass proper audit namespace to audit_log_common_recv_msg

2013-10-24 Thread Gao feng
The audit log that generated in audit namespace should be received by the auditd running in this audit namespace. Signed-off-by: Gao feng gaof...@cn.fujitsu.com --- kernel/audit.c | 21 +++-- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/kernel/audit.c b/kernel

[PATCH 17/20] nsproxy: don't make create_new_namespaces static

2013-10-24 Thread Gao feng
audit module will use create_new_namespaces to create new nsproxy. Signed-off-by: Gao feng gaof...@cn.fujitsu.com --- include/linux/nsproxy.h | 4 kernel/nsproxy.c| 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/include/linux/nsproxy.h b/include/linux/nsproxy.h

[PATCH 20/20] audit: introduce /proc/pid/audit_backlog_limit

2013-10-24 Thread Gao feng
through create user namespace and then create audit namespace. In order to keep the consistent behavior as before, for init audit namespace, the backlog_limit can be changed only through netlink interface. Signed-off-by: Gao feng gaof...@cn.fujitsu.com --- fs/proc/base.c | 53

[PATCH 05/20] audit: make audit_pid per audit namespace

2013-10-24 Thread Gao feng
-by: Gao feng gaof...@cn.fujitsu.com --- include/linux/audit_namespace.h | 2 ++ kernel/audit.c | 43 ++--- kernel/audit.h | 5 ++--- kernel/auditsc.c| 6 +++--- 4 files changed, 39 insertions(+), 17 deletions

[PATCH 18/20] audit: add new message type AUDIT_CREATE_NS

2013-10-24 Thread Gao feng
, the audit_backlog_limit will be per audit namespace, but only the privileged user has rights to modify it. and the default value of audit_backlog_limit for uninit audit namespace will be set to 0. And the audit_rate_limit will be limited too. Signed-off-by: Gao feng gaof...@cn.fujitsu.com

[PATCH 02/20] audit: introduce configure option CONFIG_AUDIT_NS

2013-10-24 Thread Gao feng
-off-by: Gao feng gaof...@cn.fujitsu.com --- include/linux/audit_namespace.h | 51 + include/linux/nsproxy.h | 11 + init/Kconfig| 10 kernel/Makefile | 2 +- kernel/audit_namespace.c| 8

[PATCH 01/20] Audit: make audit netlink socket net namespace unaware

2013-10-24 Thread Gao feng
per-netns audit kernel side socket(audit_sock), it's pain to depend on and get reference of netns for auditns. Signed-off-by: Gao feng gaof...@cn.fujitsu.com --- kernel/audit.c | 6 ++ 1 file changed, 6 insertions(+) diff --git a/kernel/audit.c b/kernel/audit.c index 7b0e23a..468950b 100644

[PATCH 07/20] audit: make audit_nlk_portid per audit namespace

2013-10-24 Thread Gao feng
We should use audit_nlk_portid to decide to send audit netlink message to which auditd processes. it should be per audit namespace too. Signed-off-by: Gao feng gaof...@cn.fujitsu.com --- include/linux/audit_namespace.h | 2 ++ kernel/audit.c | 14 -- 2 files changed

[PATCH 16/20] audit: allow GET, SET, USER MSG operations in audit namespace

2013-10-24 Thread Gao feng
configuration, send userspace audit message. Signed-off-by: Gao feng gaof...@cn.fujitsu.com --- kernel/audit.c | 13 ++--- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/kernel/audit.c b/kernel/audit.c index 095f54d..c4d4291 100644 --- a/kernel/audit.c +++ b/kernel

[PATCH 03/20] audit: make audit_skb_queue per audit namespace

2013-10-24 Thread Gao feng
This patch makes audit_skb_queue per audit namespace, Since we haven't finished the preparations, only allow user to attach/detach skb to the queue of init_audit_ns. Signed-off-by: Gao feng gaof...@cn.fujitsu.com --- include/linux/audit_namespace.h | 3 +++ kernel/audit.c | 18

[PATCH 11/20] audit: use proper audit namespace in audit_receive_msg

2013-10-24 Thread Gao feng
Signed-off-by: Gao feng gaof...@cn.fujitsu.com --- kernel/audit.c | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/kernel/audit.c b/kernel/audit.c index 2132929..5524deb 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -662,11 +662,11 @@ static int

[PATCH 08/20] audit: make kaudit_wait queue per audit namespace

2013-10-24 Thread Gao feng
kauditd_task is added to the wait queue kaudit_wait when there is no audit message being generated in audit namespace, so the kaudit_wait should be per audit namespace too. Signed-off-by: Gao feng gaof...@cn.fujitsu.com --- include/linux/audit_namespace.h | 2 ++ kernel/audit.c

Re: [PATCH] audit: change pid to portid for audit_reply

2013-10-23 Thread Gao feng
On 10/24/2013 03:20 AM, Richard Guy Briggs wrote: On Wed, Oct 23, 2013 at 07:25:23PM +0800, Gao feng wrote: The pid is not a suitable name for netlink port, change it to portid. That is already in the works: https://www.redhat.com/archives/linux-audit/2013-August/msg00023.html

[PATCH] audit: remove useless code in audit_enable

2013-10-23 Thread Gao feng
Since kernel parameter is operated before initcall, so the audit_initialized must be AUDIT_UNINITIALIZED or DISABLED in audit_enable. Signed-off-by: Gao feng gaof...@cn.fujitsu.com --- kernel/audit.c | 13 ++--- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/kernel

Re: [BUG][PATCH] audit: audit_log_start running on auditd should not stop

2013-10-23 Thread Gao feng
On 10/24/2013 03:55 AM, Richard Guy Briggs wrote: On Tue, Oct 15, 2013 at 02:30:34PM +0800, Gao feng wrote: Hi Toshiyuki-san, Toshiuki and Gao, On 10/15/2013 12:43 PM, Toshiyuki Okajima wrote: The backlog cannot be consumed when audit_log_start is running on auditd even

Re: allow unlimited audit_backlog_limit [was: Re: [PATCH] audit: don't create audit log when audit_backlog_limit is zero]

2013-10-22 Thread Gao feng
On 10/23/2013 01:59 AM, Richard Guy Briggs wrote: On Mon, Oct 21, 2013 at 04:01:40PM +0800, Gao feng wrote: As the man page of auditctl said: -b backlog Set max number of outstanding audit buffers allowed (Kernel Default=64) If all buffers are full, the failure

Re: [BUG][PATCH][RFC] audit: hang up in audit_log_start executed on auditd

2013-10-11 Thread Gao feng
On 10/11/2013 09:36 AM, Toshiyuki Okajima wrote: Hi. The following reproducer causes auditd daemon hang up. (But the hang up is released after the audit_backlog_wait_time passes.) # auditctl -a exit,always -S all # reboot I reproduced the hangup on KVM, and then got a crash dump.

[PATCH] Audit: remove duplicate comments

2013-09-23 Thread Gao feng
Remove it. Signed-off-by: Gao feng gaof...@cn.fujitsu.com --- kernel/audit.c | 7 --- 1 file changed, 7 deletions(-) diff --git a/kernel/audit.c b/kernel/audit.c index 91e53d0..f94db2a 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1067,13 +1067,6 @@ static void wait_for_auditd

Re: [PATCH] audit: listen in all network namespaces

2013-08-01 Thread Gao feng
On 08/02/2013 01:57 AM, Eric Paris wrote: On Tue, 2013-07-30 at 13:22 -0400, Richard Guy Briggs wrote: On Mon, Jul 22, 2013 at 11:20:57AM +0800, Gao feng wrote: On 07/20/2013 05:15 AM, Richard Guy Briggs wrote: On Wed, Jul 17, 2013 at 11:54:21AM +0800, Gao feng wrote: Hi, Richard On 07/17

Re: [PATCH] audit: listen in all network namespaces

2013-07-21 Thread Gao feng
On 07/20/2013 05:15 AM, Richard Guy Briggs wrote: On Wed, Jul 17, 2013 at 11:54:21AM +0800, Gao feng wrote: Hi, Richard On 07/17/2013 04:32 AM, Richard Guy Briggs wrote: Convert audit from only listening in init_net to use register_pernet_subsys() to dynamically manage the netlink socket

Re: [PATCH] audit: listen in all network namespaces

2013-07-16 Thread Gao feng
Hi, Richard On 07/17/2013 04:32 AM, Richard Guy Briggs wrote: Convert audit from only listening in init_net to use register_pernet_subsys() to dynamically manage the netlink socket list. Signed-off-by: Richard Guy Briggs r...@redhat.com --- Right now audit still can't be used in uninit

Re: [Part1 PATCH 00/22] Add namespace support for audit

2013-07-03 Thread Gao feng
On 06/21/2013 11:48 AM, Gao feng wrote: On 06/20/2013 09:02 PM, Eric Paris wrote: On Thu, 2013-06-20 at 11:02 +0800, Gao feng wrote: On 06/20/2013 04:51 AM, Eric Paris wrote: On Wed, 2013-06-19 at 16:49 -0400, Aristeu Rozanski wrote: On Wed, Jun 19, 2013 at 09:53:32AM +0800, Gao feng wrote

[Part1 PATCH 00/22] Add namespace support for audit

2013-06-20 Thread Gao feng
make user audit message namespace aware. This patchset is based on linus' linux tree. You can pull this patchset from: git://github.com/gao-feng/auditns.git The following changes since commit 8177a9d79c0e942dcac3312f15585d0344d505a5 lseek(fd, n, SEEK_END) does *not* go to eof - n

Re: [Part1 PATCH 00/22] Add namespace support for audit

2013-06-20 Thread Gao feng
On 06/20/2013 09:02 PM, Eric Paris wrote: On Thu, 2013-06-20 at 11:02 +0800, Gao feng wrote: On 06/20/2013 04:51 AM, Eric Paris wrote: On Wed, 2013-06-19 at 16:49 -0400, Aristeu Rozanski wrote: On Wed, Jun 19, 2013 at 09:53:32AM +0800, Gao feng wrote: This patchset is first part of namespace

Re: [Part1 PATCH 00/22] Add namespace support for audit

2013-06-20 Thread Gao feng
On 06/21/2013 06:01 AM, Eric W. Biederman wrote: Gao feng gaof...@cn.fujitsu.com writes: On 06/20/2013 11:02 AM, Gao feng wrote: If we don't tie audit to user namespace, there is still one problem. One more problem. some audit messages are generated by some net subsystem such as netfilter

Re: [Part1 PATCH 00/22] Add namespace support for audit

2013-06-19 Thread Gao feng
On 06/20/2013 11:02 AM, Gao feng wrote: If we don't tie audit to user namespace, there is still one problem. One more problem. some audit messages are generated by some net subsystem such as netfilter. If we don't tie audit to user namespace, we have no idea where these audit messages should go

Re: [Part1 PATCH 00/22] Add namespace support for audit

2013-06-19 Thread Gao feng
On 06/20/2013 05:03 AM, Eric W. Biederman wrote: Eric Paris epa...@redhat.com writes: On Wed, 2013-06-19 at 16:49 -0400, Aristeu Rozanski wrote: On Wed, Jun 19, 2013 at 09:53:32AM +0800, Gao feng wrote: This patchset is first part of namespace support for audit. in this patchset, the mainly

Re: [PATCH RFC 00/48] Add namespace support for audit

2013-06-13 Thread Gao feng
On 06/11/2013 09:49 PM, Eric Paris wrote: On Tue, 2013-06-11 at 13:59 +0800, Gao feng wrote: On 06/11/2013 05:24 AM, Serge E. Hallyn wrote: Quoting Gao feng (gaof...@cn.fujitsu.com): On 06/07/2013 06:47 AM, Serge Hallyn wrote: Quoting Serge Hallyn (serge.hal...@ubuntu.com): Quoting Gao feng

Re: [PATCH RFC 00/48] Add namespace support for audit

2013-06-11 Thread Gao feng
On 06/11/2013 05:24 AM, Serge E. Hallyn wrote: Quoting Gao feng (gaof...@cn.fujitsu.com): On 06/07/2013 06:47 AM, Serge Hallyn wrote: Quoting Serge Hallyn (serge.hal...@ubuntu.com): Quoting Gao feng (gaof...@cn.fujitsu.com): On 05/07/2013 10:20 AM, Gao feng wrote: This patchset try to add

[PATCH 01/47] Audit: change type of audit_ever_enabled to bool

2013-06-03 Thread Gao feng
It's better to define audit_ever_enabled as bool. Signed-off-by: Gao feng gaof...@cn.fujitsu.com --- kernel/audit.c | 2 +- kernel/audit.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/kernel/audit.c b/kernel/audit.c index 21c7fa6..3a5d3f5 100644 --- a/kernel/audit.c

Re: [PATCH RFC 06/48] Audit: make kauditd_task per user namespace

2013-05-21 Thread Gao feng
On 05/07/2013 10:20 AM, Gao feng wrote: + if (ns-audit.kauditd_task) + kthread_stop(ns-audit.kauditd_task); This is buggy, will trigger warning scheduling while atomic: I will take care this problem.

Re: [PATCH RFC 00/48] Add namespace support for audit

2013-05-21 Thread Gao feng
On 05/07/2013 10:20 AM, Gao feng wrote: This patchset try to add namespace support for audit. I choose to assign audit to the user namespace. Right now, there are six kinds of namespaces, such as net, mount, ipc, pid, uts and user. the first five namespaces have special usage. the audit

[PATCH RFC 00/48] Add namespace support for audit

2013-05-08 Thread Gao feng
], the kernel side audit netlink socket is created only when we create the first netns for the userns, and this userns will hold the netns until we destroy this userns. The other patches just make the audit related resources per user namespace. This patchset is sent as an RFC, any comments are welcome. Gao

Re: [PATCH RFC 00/48] Add namespace support for audit

2013-05-08 Thread Gao feng
On 05/09/2013 12:55 AM, Eric Paris wrote: What kernel are these patches against? This patchset is based on linus's tree. The last commit is d7ab7302f970a254997687a1cdede421a5635c68 (Merge tag 'mfd-3.10-1' of git://git.kernel.org/pub/scm/linux/kernel/git/same) Thanks Gao

[PATCH 2/2] audit: remove unnecessary #if CONFIG_AUDIT

2013-04-12 Thread Gao feng
The files that include kernel/audit.h are compiled only when CONFIG_AUDIT is set. Just like audit_pid, there is no need to surround audit_ever_enabled with CONFIG_AUDIT. Signed-off-by: Gao feng gaof...@cn.fujitsu.com --- kernel/audit.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/kernel

[PATCH RESEND] audit: don't check if kauditd is valid everytime

2013-04-07 Thread Gao feng
We only need to check if kauditd is valid after we start it, if kauditd is invalid, we will set kauditd_task to NULL. So next time, we will start kauditd again. It means if kauditd_task is not NULL, it must be valid. Signed-off-by: Gao feng gaof...@cn.fujitsu.com --- kernel/audit.c | 11