On Wed, 2007-09-05 at 11:11 -0400, Steve Grubb wrote:
> On Wednesday 05 September 2007 09:46:06 Mimi Zohar wrote:
> > On Wed, 2007-07-18 at 08:05 -0700, Steve G wrote:
> > > MRPP places some requirements on integrity checking. Maybe it tells you
> > > more information
On Thu, 2007-09-06 at 13:07 -0400, Steve Grubb wrote:
> On Wednesday 05 September 2007 15:26:22 Mimi Zohar wrote:
> > On Wed, 2007-09-05 at 11:11 -0400, Steve Grubb wrote:
> > > On Wednesday 05 September 2007 09:46:06 Mimi Zohar wrote:
> > Ok. For now, we are not releasi
We are interested in using auditing's context pathname information.
Is this the best way of accessing it?
Add support for accessing auditing's inode full pathname.
Signed-off-by: Mimi Zohar <[EMAIL PROTECTED]>
Index: security-testing-2.6/inclu
On Tue, 2008-08-12 at 19:47 -0400, Steve Grubb wrote:
> On Wednesday 06 August 2008 10:36:46 Mimi Zohar wrote:
> > We are interested in using auditing's context pathname information.
> > Is this the best way of accessing it?
> >
> > Add support for accessin
integrity: audit
This patch adds support to auditd for integrity messages, which are
issued as a result of the integrity patchset that was applied to the
security-testing-2.6/#next tree.
Signed-off-by: Mimi Zohar
Index: audit-1.7.11/src/ausearch-parse.c
On Fri, 2009-02-06 at 10:01 -0500, Steve Grubb wrote:
> On Friday 06 February 2009 07:43:50 am Mimi Zohar wrote:
> > This patch adds support to auditd for integrity messages, which are
> > issued as a result of the integrity patchset that was applied to the
> > security-t
Signed-off-by: Mimi Zohar
Signed-off-by: James Morris
---
diff --git a/MAINTAINERS b/MAINTAINERS
index 6bd7d47..12fc280 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -2175,6 +2175,11 @@ M: stef...@s5r6.in-berlin.de
L: linux1394-de...@lists.sourceforge.net
S: Maintained
Signed-off-by: Mimi Zohar
Acked-by: Serge Hallyn
Signed-off-by: James Morris
---
diff --git a/include/linux/ima.h b/include/linux/ima.h
index dcc3664..6db30a3 100644
--- a/include/linux/ima.h
+++ b/include/linux/ima.h
@@ -19,6 +19,7 @@ extern void ima_inode_free(struct inode *inode);
extern int
From: James Morris
Fix ima_delete_rules() definition so sparse doesn't complain.
Signed-off-by: James Morris
---
diff --git a/security/integrity/ima/ima_policy.c
b/security/integrity/ima/ima_policy.c
index bd45360..23810e0 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integri
Sequentialize access to the policy file
- permit multiple attempts to replace default policy with a valid policy
Signed-off-by: Mimi Zohar
Acked-by: Serge Hallyn
Signed-off-by: James Morris
---
diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
index 95ef1ca
This patch replaces the generic integrity hooks, for which IMA registered
itself, with IMA integrity hooks in the appropriate places directly
in the fs directory.
Signed-off-by: Mimi Zohar
Acked-by: Serge Hallyn
Signed-off-by: James Morris
---
diff --git a/Documentation/kernel-parameters.txt
name
Signed-off-by: Mimi Zohar
Signed-off-by: James Morris
---
diff --git a/Documentation/kernel-parameters.txt
b/Documentation/kernel-parameters.txt
index 7c67b94..31e0c2c 100644
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
@@ -895,6 +895,15 @@ and is be
Support for a user loadable policy through securityfs
with support for LSM specific policy data.
- free invalid rule in ima_parse_add_rule()
Signed-off-by: Mimi Zohar
Acked-by: Serge Hallyn
Signed-off-by: James Morris
---
diff --git a/Documentation/ABI/testing/ima_policy
b/Documentation/ABI
Make the measurement lists available through securityfs.
- removed test for NULL return code from securityfs_create_file/dir
Signed-off-by: Mimi Zohar
Acked-by: Serge Hallyn
Signed-off-by: James Morris
---
diff --git a/security/integrity/ima/Makefile b/security/integrity/ima/Makefile
index
here. These
patches are dependent on the following TPM patches:
http://lkml.org/lkml/2009/2/2/162
http://lkml.org/lkml/2009/2/5/151
The auditd patch was already posted here.
Mimi
James Morris (1):
IMA: fix ima_delete_rules() definition
Mimi Zohar (7):
integrity: IMA hook
> * 1800 - 1899 integrity labels and related events
> * 1900 - 1999 future kernel use
>
> > #define AUDIT_KERNEL 2000/* Asynchronous audit record.
> > NOT A REQUEST. */
ok
> > diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/
On Mon, 2009-02-09 at 09:51 -0500, Steve Grubb wrote:
> On Sunday 08 February 2009 09:42:42 pm Mimi Zohar wrote:
> > > > diff --git a/security/integrity/ima/ima_audit.c
> > > > b/security/integrity/ima/ima_audit.c new file mode 100644
> > > > index
- Force audit result to be either 0 or 1.
- make template names const
- Add new stand-alone message type: AUDIT_INTEGRITY_RULE
Signed-off-by: Mimi Zohar
---
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 930939a..4fa2810 100644
--- a/include/linux/audit.h
+++ b/include/linux
On Tue, 2009-02-10 at 17:00 -0500, Steve Grubb wrote:
> On Monday 09 February 2009 06:24:20 pm Mimi Zohar wrote:
> > - Force audit result to be either 0 or 1.
> > - make template names const
> > - Add new stand-alone message type: AUDIT_INTEGRITY_RULE
>
> OK, I think th
On Fri, 2009-03-06 at 17:07 -0500, Eric Paris wrote:
> I'm very slow to the game, I know, but today was the first kernel that I
> built from linux-next with IMA on. I have a comment, and hopefully more
> to come
np
> On Fri, 2009-02-06 at 14:52 -0500, Mimi Zohar
The original patch added support to auditd for integrity messages, which
are issued as a result of the integrity patchset that was applied to the
security-testing-2.6/#next tree.
This patch adds support for the new AUDIT_INTEGRITY_RULE message.
Signed-off-by: Mimi Zohar
Index: audit-1.7.11
Based on a request from Eric Paris to simplify parsing, replace
audit_log_format statements containing "%s" with audit_log_string().
Signed-off-by: Mimi Zohar
Index: security-testing-2.6/security/integrity/ima/i
d ifdef inclusion of integrity_audit_msg() (Fengguang Wu)
Signed-off-by: Mimi Zohar
---
Documentation/kernel-parameters.txt | 10 +++---
security/integrity/Kconfig | 15 +
security/integrity/Makefile | 1 +
security/integrity/ima/Kconfig | 12 ---
security/integrity/im
Before modifying an EVM protected extended attribute or any other
metadata included in the HMAC calculation, the existing 'security.evm'
is verified. This patch adds calls to integrity_audit_msg() to audit
integrity metadata failures.
Reported-by: Sven Vermeulen
Signed-off-by:
On Thu, 2018-03-01 at 14:41 -0500, Richard Guy Briggs wrote:
> Implement audit kernel container ID.
>
> This patchset is a preliminary RFC based on the proposal document (V3)
> posted:
> https://www.redhat.com/archives/linux-audit/2018-January/msg00014.html
>
> The first patch implements th
On Sun, 2018-03-04 at 22:31 -0500, Richard Guy Briggs wrote:
> On 2018-03-04 16:55, Mimi Zohar wrote:
> > On Thu, 2018-03-01 at 14:41 -0500, Richard Guy Briggs wrote:
> > > Implement audit kernel container ID.
> > >
> > > This patchset is a preliminary RF
Hi Richard,
This patch has been compiled, but not runtime tested.
---
If the containerid is defined, include it in the IMA-audit record.
Signed-off-by: Mimi Zohar
---
security/integrity/ima/ima_api.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/security/integrity/ima/ima_api.c b
On Mon, 2018-03-05 at 08:50 -0500, Richard Guy Briggs wrote:
> On 2018-03-05 08:43, Mimi Zohar wrote:
> > Hi Richard,
> >
> > This patch has been compiled, but not runtime tested.
>
> Ok, great, thank you. I assume you are offering this patch to be
> included in
On Thu, 2018-03-08 at 06:21 -0500, Richard Guy Briggs wrote:
> On 2018-03-05 09:24, Mimi Zohar wrote:
> > On Mon, 2018-03-05 at 08:50 -0500, Richard Guy Briggs wrote:
> > > On 2018-03-05 08:43, Mimi Zohar wrote:
> > > > Hi Richard,
> > > >
> > > > >
On Fri, 2018-05-18 at 07:49 -0400, Stefan Berger wrote:
> On 05/17/2018 05:30 PM, Richard Guy Briggs wrote:
[...]
> >>> auxiliary record either by being converted to a syscall auxiliary record
> >>> by using current->audit_context rather than NULL when calling
> >>> audit_log_start(), or creating
On Fri, 2018-05-18 at 09:54 -0400, Stefan Berger wrote:
> On 05/18/2018 08:53 AM, Mimi Zohar wrote:
[..]
> >>>> If so, which ones? We could probably refactor the current
> >>>> integrity_audit_message() and have ima_parse_rule() call into it to get
> >>
On Fri, 2018-05-18 at 11:56 -0400, Richard Guy Briggs wrote:
> On 2018-05-18 10:39, Mimi Zohar wrote:
> > On Fri, 2018-05-18 at 09:54 -0400, Stefan Berger wrote:
> > > On 05/18/2018 08:53 AM, Mimi Zohar wrote:
> >
> > [..]
> >
> > > >>>>
On Tue, 2018-05-29 at 17:47 -0400, Paul Moore wrote:
> On Tue, May 29, 2018 at 5:35 PM, Steve Grubb wrote:
> > On Tuesday, May 29, 2018 5:19:39 PM EDT Paul Moore wrote:
> >> On Thu, May 24, 2018 at 4:11 PM, Stefan Berger
> >>
> >> wrote:
> >> > Use the new public audit functions to add the exe= a
On Tue, 2018-05-29 at 18:58 -0400, Mimi Zohar wrote:
> On Tue, 2018-05-29 at 17:47 -0400, Paul Moore wrote:
> > On Tue, May 29, 2018 at 5:35 PM, Steve Grubb wrote:
> > > On Tuesday, May 29, 2018 5:19:39 PM EDT Paul Moore wrote:
> > >> On Thu, May 24,
On Wed, 2018-05-30 at 17:49 -0400, Stefan Berger wrote:
>
> So the other choice is to only keep patches 1,2, 6, and 7, so leave most
> of the integrity audit messages untouched. Then only create a different
> format for the new AUDIT_INTEGRITY_POLICY_RULE (current 8/8) that shares
> (for consis
On Wed, 2018-05-30 at 18:15 -0400, Stefan Berger wrote:
> On 05/30/2018 06:00 PM, Mimi Zohar wrote:
> > On Wed, 2018-05-30 at 17:49 -0400, Stefan Berger wrote:
> >> So the other choice is to only keep patches 1,2, 6, and 7, so leave most
> >> of the integrity audit me
Hi Paul,
On Mon, 2018-06-04 at 20:21 -0400, Paul Moore wrote:
> On Mon, Jun 4, 2018 at 4:54 PM, Stefan Berger
> wrote:
> > The AUDIT_INTEGRITY_RULE is used for auditing IMA policy rules and
> > the IMA "audit" policy action. This patch defines
> > AUDIT_INTEGRITY_POLICY_RULE to reflect the IMA p
On Tue, 2018-06-05 at 18:18 -0400, Paul Moore wrote:
> On Tue, Jun 5, 2018 at 10:15 AM, Mimi Zohar wrote:
> > Hi Paul,
> >
> > On Mon, 2018-06-04 at 20:21 -0400, Paul Moore wrote:
> >> On Mon, Jun 4, 2018 at 4:54 PM, Stefan Berger
> >> wrote:
> >>
On Wed, 2019-03-20 at 20:50 -0400, Richard Guy Briggs wrote:
> On 2019-03-20 19:48, Paul Moore wrote:
> > On Sat, Mar 16, 2019 at 8:10 AM Richard Guy Briggs wrote:
> > > In commit fa516b66a1bf ("EVM: Allow runtime modification of the set of
> > > verified xattrs"), the call to audit_log_start() is
On Tue, 2019-03-26 at 11:22 -0400, Steve Grubb wrote:
> > > > --- a/security/integrity/evm/evm_secfs.c
> > > > +++ b/security/integrity/evm/evm_secfs.c
> > > > @@ -192,7 +192,8 @@ static ssize_t evm_write_xattrs(struct file *file,
> > > > const char __user *buf,> >
> > > > if (count > XAT
ld.
>
> Please see the github issue
> https://github.com/linux-audit/audit-kernel/issues/109
>
> Signed-off-by: Richard Guy Briggs
Acked-by: Mimi Zohar
Paul, were you planning on upstreaming this patch?
Mimi
--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
On Tue, 2019-03-26 at 19:58 -0400, Paul Moore wrote:
> On Tue, Mar 26, 2019 at 4:40 PM Mimi Zohar wrote:
> >
> > Hi Richard, Paul,
> >
> > On Tue, 2019-03-26 at 14:49 -0400, Richard Guy Briggs wrote:
> > > In commit fa516b66a1bf ("EVM: Allow runtime
Hi Casey,
On Fri, 2020-01-03 at 10:53 -0800, Casey Schaufler wrote:
> With multiple possible security modules supporting audit rule
> it is necessary to keep separate data for each module in the
> audit rules. This affects IMA as well, as it re-uses the audit
> rule list mechanisms.
While reviewi
On Fri, 2020-01-10 at 11:40 -0800, Casey Schaufler wrote:
> On 1/9/2020 8:33 AM, Mimi Zohar wrote:
> > Hi Casey,
> >
> > On Fri, 2020-01-03 at 10:53 -0800, Casey Schaufler wrote:
> >> With multiple possible security modules supporting audit rule
> >> it is n
On Fri, 2020-06-05 at 14:09 -0700, Lakshmi Ramasubramanian wrote:
> On 6/5/20 1:49 PM, Paul Moore wrote:
>
> >
> >> Since a pr_xyz() call was already present, I just wanted to change the
> >> log level to keep the code change to the minimum. But if audit log is
> >> the right approach for this ca
Hi Lakshmi,
On Sun, 2020-06-07 at 15:14 -0700, Lakshmi Ramasubramanian wrote:
> The final log statement in process_buffer_measurement() for failure
> condition is at debug level. This does not log the message unless
> the system log level is raised which would significantly increase
> the messages
Hi Lakshmi,
On Fri, 2020-06-05 at 20:13 -0700, Lakshmi Ramasubramanian wrote:
> Hi Mimi,
>
> In integrity audit message function the inverse of "result" is being
> logged for "res=". Please see below. Is this intentional?
>
> void integrity_audit_msg(int audit_msgno, struct inode *inode,
>
On Mon, 2020-06-08 at 14:53 -0700, Lakshmi Ramasubramanian wrote:
> The final log statement in process_buffer_measurement() for failure
> condition is at debug level. This does not log the message unless
> the system log level is raised which would significantly increase
> the messages in the syste
On Tue, 2020-06-09 at 10:00 -0700, Lakshmi Ramasubramanian wrote:
> On 6/9/20 9:43 AM, Steve Grubb wrote:
>
> >> The number in parenthesis is the error code (such as ENOMEM, EINVAL,
> >> etc.) IMA uses this format for reporting TPM errors in one of the audit
> >> messages (In ima_add_template_entr
Hi Richard,
On Tue, 2020-06-09 at 13:15 -0400, Richard Guy Briggs wrote:
> On 2020-06-09 10:00, Lakshmi Ramasubramanian wrote:
> If it is added, it should be appended to the end of the record since it
> is an existing record format, then in the case of res=1, errno= should
> still be present (not
On Wed, 2020-06-10 at 17:03 -0700, Lakshmi Ramasubramanian wrote:
> Error code is not included in the audit messages logged by
> the integrity subsystem. Add a new field namely "errno" in
> the audit message and set the value to the error code passed
> to integrity_audit_msg() in the "result" param
kexec_cmdline cause=alloc_entry errno=-12
> comm="swapper/0" name="kexec-cmdline" res=0
>
> [8.017126] audit: type=1804 audit(1591756725.360:10): pid=1
> uid=0 auid=4294967295 ses=4294967295
> subj=system_u:system_r:init_t:s0 op=measuring_key
> cause=hashing_error errno=-2
On Tue, 2020-06-16 at 11:55 -0400, Steve Grubb wrote:
> On Tuesday, June 16, 2020 11:43:31 AM EDT Lakshmi Ramasubramanian wrote:
> > On 6/16/20 8:29 AM, Steve Grubb wrote:
> > > The idea is a good idea, but you're assuming that "result" is always
> > > errno. That was probably true origina
On Thu, 2020-06-18 at 11:05 -0700, Lakshmi Ramasubramanian wrote:
> On 6/18/20 10:41 AM, Mimi Zohar wrote:
>
> >
> > For the reasons that I mentioned previously, unless others are willing
> > to add their Reviewed-by tag not for the audit aspect in particular,
>
On Wed, 2020-06-17 at 13:44 -0700, Lakshmi Ramasubramanian wrote:
> Error code is not included in the audit messages logged by
> the integrity subsystem. Add "errno" field in the audit messages
> logged by the integrity subsystem and set the value to the error code
> passed to integrity_audit_msg()
md" res=1 errno=0
>
> [8.019432] audit: type=1804 audit(1592506283.344:10): pid=1 uid=0
> auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0
> op=measuring_kexec_cmdline cause=hashing_error comm="systemd"
> name="kexec-cmdline" res=0 errno=-22
>
> uid=0 auid=4294967295 ses=4294967295
> subj=system_u:system_r:init_t:s0 op=measuring_kexec_cmdline
> cause=hashing_error comm="systemd" name="kexec-cmdline" res=0
> errno=-22
>
> Signed-off-by: Lakshmi Ramasubramanian
Reviewed-by: Mimi Zohar
On Wed, 2014-04-02 at 12:19 -0400, Richard Guy Briggs wrote:
> When task->comm is passed directly to audit_log_untrustedstring() without
> getting a copy or using the task_lock, there is a race that could happen that
> would output a NULL (\0) in the output string that would effectively truncate
>
On Wed, 2014-04-02 at 14:00 -0400, Steve Grubb wrote:
> Hello Mimi,
>
> On Wednesday, April 02, 2014 01:39:47 PM Mimi Zohar wrote:
> > This change is already being upstreamed as commit 73a6b44 "Integrity:
> > Pass commname via get_task_comm()".
>
> Whil
On Wed, 2014-04-02 at 14:18 -0400, Eric Paris wrote:
> On Wed, 2014-04-02 at 14:12 -0400, Mimi Zohar wrote:
> > On Wed, 2014-04-02 at 14:00 -0400, Steve Grubb wrote:
> > > Hello Mimi,
> > >
> > > On Wednesday, April 02, 2014 01:39:47 PM Mimi Zohar wrote:
On Wed, 2014-04-09 at 18:26 -0700, Peter Moody wrote:
> On Wed, Apr 09 2014 at 10:19, Steve Grubb wrote:
>
> > Missing INTEGRITY_RULE
>
> IMA with an 'audit' rule generates INTEGRITY_RULE messages.
> Missing INTEGRITY_DATA
Failure to collect or appraise file data.
(Requires the filesystem to b
On Fri, 2014-04-11 at 10:07 -0400, Steve Grubb wrote:
> Hi Mimi,
>
> On Thursday, April 10, 2014 11:36:15 PM Mimi Zohar wrote:
> > On Wed, 2014-04-09 at 18:26 -0700, Peter Moody wrote:
> > > On Wed, Apr 09 2014 at 10:19, Steve Grubb wrote:
> > > > Missing INT
On Sat, 2014-06-14 at 12:43 +0300, Dmitry Kasatkin wrote:
> On 14 June 2014 03:02, Richard Guy Briggs wrote:
> > On 14/04/02, Richard Guy Briggs wrote:
> >> On 14/04/02, Mimi Zohar wrote:
> >> > On Wed, 2014-04-02 at 14:18 -0400, Eric Paris wrote:
> >> >
On Mon, 2014-06-16 at 15:52 -0400, Richard Guy Briggs wrote:
> Replace spaces in op keyword labels in log output since userspace audit tools
> can't parse orphaned keywords.
The patch didn't apply cleanly to linux-integrity/#next. Please take a
look at it (linux-integrity/#next-fixes).
thanks,
On Thu, 2020-06-25 at 15:14 -0400, Paul Moore wrote:
> On Wed, Jun 24, 2020 at 1:25 PM Lakshmi Ramasubramanian
> wrote:
> >
> > On 6/23/20 12:58 PM, Mimi Zohar wrote:
> >
> > Hi Steve\Paul,
> >
> > >> Sample audit messages:
> > >>
[Cc'ing the audit mailing list]
On Mon, 2020-06-29 at 10:30 -0500, Tyler Hicks wrote:
>
> diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
> index ff2bf57ff0c7..5d62ee8319f4 100644
> --- a/security/integrity/ima/ima.h
> +++ b/security/integrity/ima/ima.h
> @@ -419,24 +419,
On Fri, 2020-07-10 at 14:42 -0500, Tyler Hicks wrote:
> On 2020-06-29 17:30:03, Mimi Zohar wrote:
> > [Cc'ing the audit mailing list]
> >
> > On Mon, 2020-06-29 at 10:30 -0500, Tyler Hicks wrote:
> > >
> > > diff --git a/security/integrity/ima/ima.
On Wed, 2020-08-05 at 09:59 -0700, James Morris wrote:
> On Wed, 5 Aug 2020, James Bottomley wrote:
>
> > I'll leave Mimi to answer, but really this is exactly the question that
> > should have been asked before writing IPE. However, since we have the
> > cart before the horse, let me break the a
On Thu, 2020-08-06 at 09:51 +1000, James Morris wrote:
> On Wed, 5 Aug 2020, Mimi Zohar wrote:
>
> > If block layer integrity was enough, there wouldn't have been a need
> > for fs-verity. Even fs-verity is limited to read only filesystems,
> > which makes vali
On Sat, 2020-08-08 at 02:41 +1000, James Morris wrote:
> On Thu, 6 Aug 2020, Mimi Zohar wrote:
>
> > On Thu, 2020-08-06 at 09:51 +1000, James Morris wrote:
> > > On Wed, 5 Aug 2020, Mimi Zohar wrote:
> > >
> > > > If block layer integrity was enough, t
On Fri, 2020-08-07 at 13:31 -0400, Mimi Zohar wrote:
> On Sat, 2020-08-08 at 02:41 +1000, James Morris wrote:
> > On Thu, 6 Aug 2020, Mimi Zohar wrote:
> >
> > > On Thu, 2020-08-06 at 09:51 +1000, James Morris wrote:
> > > > On Wed, 5 Aug 2020, Mimi Zohar wrot
On Sat, 2020-08-08 at 13:47 -0400, Chuck Lever wrote:
> > On Aug 5, 2020, at 2:15 PM, Mimi Zohar wrote:
> > If block layer integrity was enough, there wouldn't have been a need
> > for fs-verity. Even fs-verity is limited to read only filesystems,
> > which makes
On Mon, 2020-08-10 at 08:35 -0700, James Bottomley wrote:
> On Sun, 2020-08-09 at 13:16 -0400, Mimi Zohar wrote:
> > On Sat, 2020-08-08 at 13:47 -0400, Chuck Lever wrote:
> > > > On Aug 5, 2020, at 2:15 PM, Mimi Zohar
> > > > wrote:
> >
> >
>
On Mon, 2020-08-10 at 10:13 -0700, James Bottomley wrote:
> On Mon, 2020-08-10 at 12:35 -0400, Mimi Zohar wrote:
> > On Mon, 2020-08-10 at 08:35 -0700, James Bottomley wrote:
> [...]
> > > > Up to now, verifying remote filesystem file integrity has been
> > >
On Mon, 2020-12-28 at 15:20 -0800, Casey Schaufler wrote:
> On 12/28/2020 2:14 PM, Mimi Zohar wrote:
> > On Mon, 2020-12-28 at 12:06 -0800, Casey Schaufler wrote:
> >> On 12/28/2020 11:24 AM, Mimi Zohar wrote:
> >>> Hi Casey,
> >>>
> >>> On
Hi Casey,
On Fri, 2020-11-20 at 12:14 -0800, Casey Schaufler wrote:
> When more than one security module is exporting data to
> audit and networking sub-systems a single 32 bit integer
> is no longer sufficient to represent the data. Add a
> structure to be used instead.
>
> The lsmblob structure
Hi Casey,
On Fri, 2020-11-20 at 12:14 -0800, Casey Schaufler wrote:
> diff --git a/security/security.c b/security/security.c
> index 5da8b3643680..d01363cb0082 100644
> --- a/security/security.c
> +++ b/security/security.c
>
> @@ -2510,7 +2526,24 @@ int security_key_getsecurity(struct key *key, c
On Tue, 2020-12-29 at 10:46 -0800, Casey Schaufler wrote:
> >> -int security_audit_rule_match(u32 secid, u32 field, u32 op, void
> >> *lsmrule)
> >> +int security_audit_rule_match(u32 secid, u32 field, u32 op, void
> >> **lsmrule)
> >> {
> >> - return call_int_hook(
On Mon, 2020-12-28 at 20:53 -0500, Mimi Zohar wrote:
> On Mon, 2020-12-28 at 15:20 -0800, Casey Schaufler wrote:
> > On 12/28/2020 2:14 PM, Mimi Zohar wrote:
> > > On Mon, 2020-12-28 at 12:06 -0800, Casey Schaufler wrote:
> > >> On 12/28/2020 11:24 AM, Mi
On Mon, 2020-12-28 at 11:22 -0800, Casey Schaufler wrote:
> On 12/28/2020 9:54 AM, Mimi Zohar wrote:
> > Hi Casey,
> >
> > On Fri, 2020-11-20 at 12:14 -0800, Casey Schaufler wrote:
> >> When more than one security module is exporting data to
> >> audit and
On Mon, 2020-12-28 at 12:06 -0800, Casey Schaufler wrote:
> On 12/28/2020 11:24 AM, Mimi Zohar wrote:
> > Hi Casey,
> >
> > On Fri, 2020-11-20 at 12:14 -0800, Casey Schaufler wrote:
> >> diff --git a/security/security.c b/security/security.c
> >> index 5da8b
On Mon, 2021-02-22 at 15:45 -0800, Casey Schaufler wrote:
> On 2/14/2021 10:21 AM, Mimi Zohar wrote:
>
> Would these changes match your suggestion?
>
> security/integrity/ima/ima_policy.c | 24
> 1 file changed, 12 insertions(+), 12 deletions(-)
On Mon, 2021-02-22 at 15:58 -0800, Casey Schaufler wrote:
> On 2/20/2021 6:41 AM, Paul Moore wrote:
> > On Fri, Feb 19, 2021 at 8:49 PM Casey Schaufler
> > wrote:
> >> On 2/19/2021 3:28 PM, Paul Moore wrote:
> >>> As discussed briefly on the list (lore link below), we are a little
> >>> sloppy wh
any way, it will be up to the latter
> LSM specific patches in this series to change the hook
> implementations and return the correct credentials.
>
> Signed-off-by: Paul Moore
Thanks, Paul.
Acked-by: Mimi Zohar (IMA)
--
Linux-audit mailing list
Linux-audit@redhat.com
https://listman.redhat.com/mailman/listinfo/linux-audit
[Cc'ing linux-audit]
Hi Simon,
On Wed, 2021-08-11 at 11:40 +, THOBY Simon wrote:
Other than the two questions on " IMA: add a policy option to restrict
xattr hash algorithms on appraisal" patch, the patch set is looking
good.
thanks,
Mimi
> Here is also a short description of the new audi
Hi Casey,
On Thu, 2021-11-04 at 14:38 -0700, Casey Schaufler wrote:
> Create real functions for the ima_filter_rule interfaces.
> These replace #defines that obscure the reuse of audit
> interfaces. The new functions are put in security.c because
> they use security module registered hooks that we