On Tuesday, May 22, 2018 9:43:46 AM EDT Richard Guy Briggs wrote:
> On 2018-05-21 17:57, Stefan Berger wrote:
> > On 05/21/2018 02:30 PM, Steve Grubb wrote:
> > > Hello Stefan,
> > >
> > > On Monday, May 21, 2018 1:53:04 PM EDT Stefan Berger wrote:
> > > > On 05/21/2018 12:58 PM, Steve Grubb wrote
On Monday, May 21, 2018 5:57:29 PM EDT Stefan Berger wrote:
> Should some of the fields from INTEGRITY_PCR also appear in
> INTEGRITY_RULE? If so, which ones?
> >>>
> >>> pid, uid, auid, tty, session, subj, comm, exe, res. <- these are
> >>> required to be searchable
> >>>
> We co
On 2018-05-21 17:57, Stefan Berger wrote:
> On 05/21/2018 02:30 PM, Steve Grubb wrote:
> > Hello Stefan,
> >
> > On Monday, May 21, 2018 1:53:04 PM EDT Stefan Berger wrote:
> > > On 05/21/2018 12:58 PM, Steve Grubb wrote:
> > > > On Thursday, May 17, 2018 10:18:13 AM EDT Stefan Berger wrote:
> > >
On 05/21/2018 02:30 PM, Steve Grubb wrote:
Hello Stefan,
On Monday, May 21, 2018 1:53:04 PM EDT Stefan Berger wrote:
On 05/21/2018 12:58 PM, Steve Grubb wrote:
On Thursday, May 17, 2018 10:18:13 AM EDT Stefan Berger wrote:
audit_log_container_info() then releasing the local context. This
ver
Hello Stefan,
On Monday, May 21, 2018 2:04:08 PM EDT Stefan Berger wrote:
> On 05/21/2018 01:21 PM, Steve Grubb wrote:
> > On Friday, May 18, 2018 12:34:24 PM EDT Mimi Zohar wrote:
> >> On Fri, 2018-05-18 at 11:56 -0400, Richard Guy Briggs wrote:
> >>> On 2018-05-18 10:39, Mimi Zohar wrote:
>
Hello Stefan,
On Monday, May 21, 2018 1:53:04 PM EDT Stefan Berger wrote:
> On 05/21/2018 12:58 PM, Steve Grubb wrote:
> > On Thursday, May 17, 2018 10:18:13 AM EDT Stefan Berger wrote:
> >>> audit_log_container_info() then releasing the local context. This
> >>> version of the record has additio
On 05/21/2018 01:21 PM, Steve Grubb wrote:
On Friday, May 18, 2018 12:34:24 PM EDT Mimi Zohar wrote:
On Fri, 2018-05-18 at 11:56 -0400, Richard Guy Briggs wrote:
On 2018-05-18 10:39, Mimi Zohar wrote:
On Fri, 2018-05-18 at 09:54 -0400, Stefan Berger wrote:
On 05/18/2018 08:53 AM, Mimi Zohar w
On 05/21/2018 12:58 PM, Steve Grubb wrote:
On Thursday, May 17, 2018 10:18:13 AM EDT Stefan Berger wrote:
audit_log_container_info() then releasing the local context. This
version of the record has additional concerns covered here:
https://github.com/linux-audit/audit-kernel/issues/52
Followin
On Friday, May 18, 2018 12:34:24 PM EDT Mimi Zohar wrote:
> On Fri, 2018-05-18 at 11:56 -0400, Richard Guy Briggs wrote:
> > On 2018-05-18 10:39, Mimi Zohar wrote:
> > > On Fri, 2018-05-18 at 09:54 -0400, Stefan Berger wrote:
> > > > On 05/18/2018 08:53 AM, Mimi Zohar wrote:
> > > [..]
> > >
> > >
On Thursday, May 17, 2018 10:18:13 AM EDT Stefan Berger wrote:
> > audit_log_container_info() then releasing the local context. This
> > version of the record has additional concerns covered here:
> > https://github.com/linux-audit/audit-kernel/issues/52
>
> Following the discussion there and the
On 2018-05-18 12:49, Stefan Berger wrote:
> On 05/18/2018 11:45 AM, Richard Guy Briggs wrote:
> > On 2018-05-18 07:49, Stefan Berger wrote:
> > > On 05/17/2018 05:30 PM, Richard Guy Briggs wrote:
> > > > On 2018-05-17 10:18, Stefan Berger wrote:
> > > > > On 03/08/2018 06:21 AM, Richard Guy Briggs
On 2018-05-18 12:34, Mimi Zohar wrote:
> On Fri, 2018-05-18 at 11:56 -0400, Richard Guy Briggs wrote:
> > On 2018-05-18 10:39, Mimi Zohar wrote:
> > > On Fri, 2018-05-18 at 09:54 -0400, Stefan Berger wrote:
> > > > On 05/18/2018 08:53 AM, Mimi Zohar wrote:
> > >
> > > [..]
> > >
> > > > If s
On 05/18/2018 11:45 AM, Richard Guy Briggs wrote:
On 2018-05-18 07:49, Stefan Berger wrote:
On 05/17/2018 05:30 PM, Richard Guy Briggs wrote:
On 2018-05-17 10:18, Stefan Berger wrote:
On 03/08/2018 06:21 AM, Richard Guy Briggs wrote:
On 2018-03-05 09:24, Mimi Zohar wrote:
On Mon, 2018-03-05
On Fri, 2018-05-18 at 11:56 -0400, Richard Guy Briggs wrote:
> On 2018-05-18 10:39, Mimi Zohar wrote:
> > On Fri, 2018-05-18 at 09:54 -0400, Stefan Berger wrote:
> > > On 05/18/2018 08:53 AM, Mimi Zohar wrote:
> >
> > [..]
> >
> > > If so, which ones? We could probably refactor the current
>
On 2018-05-18 10:52, Stefan Berger wrote:
> On 05/18/2018 10:39 AM, Mimi Zohar wrote:
> > On Fri, 2018-05-18 at 09:54 -0400, Stefan Berger wrote:
> > > On 05/18/2018 08:53 AM, Mimi Zohar wrote:
> > [..]
> >
> > > > > > > If so, which ones? We could probably refactor the current
> > > > > > > integ
On 2018-05-18 10:39, Mimi Zohar wrote:
> On Fri, 2018-05-18 at 09:54 -0400, Stefan Berger wrote:
> > On 05/18/2018 08:53 AM, Mimi Zohar wrote:
>
> [..]
>
> > If so, which ones? We could probably refactor the current
> > integrity_audit_message() and have ima_parse_rule() call into it to
On 2018-05-18 08:53, Mimi Zohar wrote:
> On Fri, 2018-05-18 at 07:49 -0400, Stefan Berger wrote:
> > On 05/17/2018 05:30 PM, Richard Guy Briggs wrote:
>
> [...]
>
> > >>> auxiliary record either by being converted to a syscall auxiliary record
> > >>> by using current->audit_context rather than N
On 2018-05-18 07:49, Stefan Berger wrote:
> On 05/17/2018 05:30 PM, Richard Guy Briggs wrote:
> > On 2018-05-17 10:18, Stefan Berger wrote:
> > > On 03/08/2018 06:21 AM, Richard Guy Briggs wrote:
> > > > On 2018-03-05 09:24, Mimi Zohar wrote:
> > > > > On Mon, 2018-03-05 at 08:50 -0500, Richard Guy
On 05/18/2018 10:39 AM, Mimi Zohar wrote:
On Fri, 2018-05-18 at 09:54 -0400, Stefan Berger wrote:
On 05/18/2018 08:53 AM, Mimi Zohar wrote:
[..]
If so, which ones? We could probably refactor the current
integrity_audit_message() and have ima_parse_rule() call into it to get
those fields as we
On Fri, 2018-05-18 at 09:54 -0400, Stefan Berger wrote:
> On 05/18/2018 08:53 AM, Mimi Zohar wrote:
[..]
> If so, which ones? We could probably refactor the current
> integrity_audit_message() and have ima_parse_rule() call into it to get
> those fields as well. I suppose adding ne
On 05/18/2018 08:53 AM, Mimi Zohar wrote:
On Fri, 2018-05-18 at 07:49 -0400, Stefan Berger wrote:
On 05/17/2018 05:30 PM, Richard Guy Briggs wrote:
[...]
auxiliary record either by being converted to a syscall auxiliary record
by using current->audit_context rather than NULL when calling
audi
On Fri, 2018-05-18 at 07:49 -0400, Stefan Berger wrote:
> On 05/17/2018 05:30 PM, Richard Guy Briggs wrote:
[...]
> >>> auxiliary record either by being converted to a syscall auxiliary record
> >>> by using current->audit_context rather than NULL when calling
> >>> audit_log_start(), or creating
On 05/17/2018 05:30 PM, Richard Guy Briggs wrote:
On 2018-05-17 10:18, Stefan Berger wrote:
On 03/08/2018 06:21 AM, Richard Guy Briggs wrote:
On 2018-03-05 09:24, Mimi Zohar wrote:
On Mon, 2018-03-05 at 08:50 -0500, Richard Guy Briggs wrote:
On 2018-03-05 08:43, Mimi Zohar wrote:
Hi Richard,
On 2018-05-17 10:18, Stefan Berger wrote:
> On 03/08/2018 06:21 AM, Richard Guy Briggs wrote:
> > On 2018-03-05 09:24, Mimi Zohar wrote:
> > > On Mon, 2018-03-05 at 08:50 -0500, Richard Guy Briggs wrote:
> > > > On 2018-03-05 08:43, Mimi Zohar wrote:
> > > > > Hi Richard,
> > > > >
> > > > > This
On 03/08/2018 06:21 AM, Richard Guy Briggs wrote:
On 2018-03-05 09:24, Mimi Zohar wrote:
On Mon, 2018-03-05 at 08:50 -0500, Richard Guy Briggs wrote:
On 2018-03-05 08:43, Mimi Zohar wrote:
Hi Richard,
This patch has been compiled, but not runtime tested.
Ok, great, thank you. I assume you a
On 2018-03-08 13:02, Mimi Zohar wrote:
> On Thu, 2018-03-08 at 06:21 -0500, Richard Guy Briggs wrote:
> > On 2018-03-05 09:24, Mimi Zohar wrote:
> > > On Mon, 2018-03-05 at 08:50 -0500, Richard Guy Briggs wrote:
> > > > On 2018-03-05 08:43, Mimi Zohar wrote:
> > > > > Hi Richard,
> > > > >
> > > >
On Thu, 2018-03-08 at 06:21 -0500, Richard Guy Briggs wrote:
> On 2018-03-05 09:24, Mimi Zohar wrote:
> > On Mon, 2018-03-05 at 08:50 -0500, Richard Guy Briggs wrote:
> > > On 2018-03-05 08:43, Mimi Zohar wrote:
> > > > Hi Richard,
> > > >
> > > > This patch has been compiled, but not runtime test
On 2018-03-05 09:24, Mimi Zohar wrote:
> On Mon, 2018-03-05 at 08:50 -0500, Richard Guy Briggs wrote:
> > On 2018-03-05 08:43, Mimi Zohar wrote:
> > > Hi Richard,
> > >
> > > This patch has been compiled, but not runtime tested.
> >
> > Ok, great, thank you. I assume you are offering this patch
On Mon, 2018-03-05 at 08:50 -0500, Richard Guy Briggs wrote:
> On 2018-03-05 08:43, Mimi Zohar wrote:
> > Hi Richard,
> >
> > This patch has been compiled, but not runtime tested.
>
> Ok, great, thank you. I assume you are offering this patch to be
> included in this patchset?
Yes, thank you.
On 2018-03-05 08:43, Mimi Zohar wrote:
> Hi Richard,
>
> This patch has been compiled, but not runtime tested.
Ok, great, thank you. I assume you are offering this patch to be
included in this patchset? I'll have a look to see where it fits in the
IMA record. It might be better if it were an A
Hi Richard,
This patch has been compiled, but not runtime tested.
---
If the containerid is defined, include it in the IMA-audit record.
Signed-off-by: Mimi Zohar
---
security/integrity/ima/ima_api.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/security/integrity/ima/ima_api.c b/sec
31 matches
Mail list logo