At 2017-09-21 05:30:46, "David Miller" <da...@davemloft.net> wrote:
>From: gfree.w...@vip.163.com
>Date: Tue, 19 Sep 2017 22:32:48 +0800
>
>> From: Gao Feng <gfree.w...@vip.163.com>
>>
>> There is no one which would invoke the function skb_header
At 2017-09-21 05:30:46, "David Miller" wrote:
>From: gfree.w...@vip.163.com
>Date: Tue, 19 Sep 2017 22:32:48 +0800
>
>> From: Gao Feng
>>
>> There is no one which would invoke the function skb_header_release.
>> So just remove it now.
>>
On Thu, Oct 27, 2016 at 11:56 AM, zhongjiang wrote:
> From: zhong jiang
>
> When I compile the newest kernel, I hit the following error with
> Werror=may-uninitalized.
>
> net/core/flow_dissector.c: In function ?._skb_flow_dissect?
>
On Thu, Oct 27, 2016 at 11:56 AM, zhongjiang wrote:
> From: zhong jiang
>
> When I compile the newest kernel, I hit the following error with
> Werror=may-uninitalized.
>
> net/core/flow_dissector.c: In function ?._skb_flow_dissect?
> include/uapi/linux/swab.h:100:46: error: ?.lan?.may be used
On Wed, Aug 31, 2016 at 12:14 PM, Eric Dumazet <eric.duma...@gmail.com> wrote:
> On Wed, 2016-08-31 at 10:56 +0800, f...@ikuai8.com wrote:
>> From: Gao Feng <f...@ikuai8.com>
>>
>> The original codes depend on that the function parameters are evaluated from
>
On Wed, Aug 31, 2016 at 12:14 PM, Eric Dumazet wrote:
> On Wed, 2016-08-31 at 10:56 +0800, f...@ikuai8.com wrote:
>> From: Gao Feng
>>
>> The original codes depend on that the function parameters are evaluated from
>> left to right. But the parameter's evaluatio
On 01/17/2014 06:29 AM, Serge E. Hallyn wrote:
> Quoting Gao feng (gaof...@cn.fujitsu.com):
>> Add a compare function which always returns true for
>> audit netlink socket, this will cause audit netlink
>> sockets netns unaware, and no matter which netns the
>> user
On 01/17/2014 06:29 AM, Serge E. Hallyn wrote:
Quoting Gao feng (gaof...@cn.fujitsu.com):
Add a compare function which always returns true for
audit netlink socket, this will cause audit netlink
sockets netns unaware, and no matter which netns the
user space audit netlink sockets belong
per-netns
audit kernel side socket(audit_sock), it's pain to
depend on and get reference of netns for auditns.
Signed-off-by: Gao feng
---
kernel/audit.c | 6 ++
1 file changed, 6 insertions(+)
diff --git a/kernel/audit.c b/kernel/audit.c
index b62153a..2ac6212 100644
--- a/kernel/audit.c
will make things easy and we needn't to
consider the complicate cases.
Signed-off-by: Gao feng
---
kernel/audit.c | 61 ++
kernel/audit.h | 4
2 files changed, 10 insertions(+), 55 deletions(-)
diff --git a/kernel/audit.c b/kernel/aud
things easy and we needn't to
consider the complicate cases.
Signed-off-by: Gao feng gaof...@cn.fujitsu.com
---
kernel/audit.c | 61 ++
kernel/audit.h | 4
2 files changed, 10 insertions(+), 55 deletions(-)
diff --git a/kernel/audit.c b
per-netns
audit kernel side socket(audit_sock), it's pain to
depend on and get reference of netns for auditns.
Signed-off-by: Gao feng gaof...@cn.fujitsu.com
---
kernel/audit.c | 6 ++
1 file changed, 6 insertions(+)
diff --git a/kernel/audit.c b/kernel/audit.c
index b62153a..2ac6212 100644
On 01/08/2014 08:53 AM, Andrew Morton wrote:
> On Tue, 17 Dec 2013 11:10:41 +0800 Gao feng wrote:
>
>> print the error message and then return -ENOMEM.
>>
>> ...
>>
>> --- a/kernel/audit.c
>> +++ b/kernel/audit.c
>> @@ -1083,12 +1083,11 @@ stat
On 01/08/2014 08:53 AM, Andrew Morton wrote:
On Tue, 17 Dec 2013 11:10:41 +0800 Gao feng gaof...@cn.fujitsu.com wrote:
print the error message and then return -ENOMEM.
...
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1083,12 +1083,11 @@ static int __net_init audit_net_init(struct net
On 01/06/2014 03:54 PM, Libo Chen wrote:
> On 2014/1/3 13:20, Cong Wang wrote:
>> On Thu, Jan 2, 2014 at 7:11 PM, Libo Chen
>> wrote:
>>> Hi guys,
>>>
>>> Now, lxc created with veth can not be under control by
>>> cls_cgroup.
>>>
>>> the former discussion:
>>>
On 01/06/2014 03:54 PM, Libo Chen wrote:
On 2014/1/3 13:20, Cong Wang wrote:
On Thu, Jan 2, 2014 at 7:11 PM, Libo Chen clbchenlibo.c...@huawei.com
wrote:
Hi guys,
Now, lxc created with veth can not be under control by
cls_cgroup.
the former discussion:
On 12/24/2013 07:47 AM, Richard Guy Briggs wrote:
> On 13/12/09, Gao feng wrote:
>> On 12/07/2013 05:31 AM, Serge E. Hallyn wrote:
>>> Quoting Gao feng (gaof...@cn.fujitsu.com):
>
>>>> The main target of this patchset is allowing user in audit
>>>> nam
On 12/21/2013 05:15 AM, Serge E. Hallyn wrote:
> Quoting Gao feng (gaof...@cn.fujitsu.com):
>> On 12/11/2013 04:36 AM, Serge E. Hallyn wrote:
>>> Quoting Eric Paris (epa...@redhat.com):
>>>> On Tue, 2013-12-10 at 10:51 -0600, Serge Hallyn wrote:
>>>>
On 12/21/2013 05:15 AM, Serge E. Hallyn wrote:
Quoting Gao feng (gaof...@cn.fujitsu.com):
On 12/11/2013 04:36 AM, Serge E. Hallyn wrote:
Quoting Eric Paris (epa...@redhat.com):
On Tue, 2013-12-10 at 10:51 -0600, Serge Hallyn wrote:
Quoting Gao feng (gaof...@cn.fujitsu.com):
On 12/10/2013 02
On 12/24/2013 07:47 AM, Richard Guy Briggs wrote:
On 13/12/09, Gao feng wrote:
On 12/07/2013 05:31 AM, Serge E. Hallyn wrote:
Quoting Gao feng (gaof...@cn.fujitsu.com):
The main target of this patchset is allowing user in audit
namespace to generate the USER_MSG type of audit message,
some
On 12/20/2013 11:11 AM, Eric Paris wrote:
> On Fri, 2013-12-20 at 10:46 +0800, Gao feng wrote:
>> On 12/20/2013 02:40 AM, Eric Paris wrote:
>>> On Thu, 2013-12-19 at 11:59 +0800, Gao feng wrote:
>>>> On 07/17/2013 04:32 AM, Richard Guy Briggs wrote:
>
On 12/20/2013 02:40 AM, Eric Paris wrote:
> On Thu, 2013-12-19 at 11:59 +0800, Gao feng wrote:
>> On 07/17/2013 04:32 AM, Richard Guy Briggs wrote:
>>> Convert audit from only listening in init_net to use
>>> register_pernet_subsys()
>>> to dynami
On 12/20/2013 09:40 AM, Richard Guy Briggs wrote:
> On 13/12/20, Gao feng wrote:
>> On 12/20/2013 09:19 AM, Richard Guy Briggs wrote:
>>> On 13/12/19, Gao feng wrote:
>>>> On 12/19/2013 10:34 AM, Gao feng wrote:
>>>>> kernel/capability.c: In function ‘
On 12/20/2013 09:19 AM, Richard Guy Briggs wrote:
> On 13/12/19, Gao feng wrote:
>> On 12/19/2013 10:34 AM, Gao feng wrote:
>>> kernel/capability.c: In function ‘SYSC_capset’:
>>> kernel/capability.c:280:2: warning: passing argument 1 of
>>> ‘audit_log_capset
On 12/20/2013 02:40 AM, Eric Paris wrote:
> On Thu, 2013-12-19 at 11:59 +0800, Gao feng wrote:
>> On 07/17/2013 04:32 AM, Richard Guy Briggs wrote:
>>> Convert audit from only listening in init_net to use
>>> register_pernet_subsys()
>>> to dynami
On 12/20/2013 02:40 AM, Eric Paris wrote:
On Thu, 2013-12-19 at 11:59 +0800, Gao feng wrote:
On 07/17/2013 04:32 AM, Richard Guy Briggs wrote:
Convert audit from only listening in init_net to use
register_pernet_subsys()
to dynamically manage the netlink socket list.
Signed-off-by: Richard
On 12/20/2013 09:19 AM, Richard Guy Briggs wrote:
On 13/12/19, Gao feng wrote:
On 12/19/2013 10:34 AM, Gao feng wrote:
kernel/capability.c: In function ‘SYSC_capset’:
kernel/capability.c:280:2: warning: passing argument 1 of
‘audit_log_capset’ makes integer from pointer without a cast
On 12/20/2013 09:40 AM, Richard Guy Briggs wrote:
On 13/12/20, Gao feng wrote:
On 12/20/2013 09:19 AM, Richard Guy Briggs wrote:
On 13/12/19, Gao feng wrote:
On 12/19/2013 10:34 AM, Gao feng wrote:
kernel/capability.c: In function ‘SYSC_capset’:
kernel/capability.c:280:2: warning: passing
On 12/20/2013 02:40 AM, Eric Paris wrote:
On Thu, 2013-12-19 at 11:59 +0800, Gao feng wrote:
On 07/17/2013 04:32 AM, Richard Guy Briggs wrote:
Convert audit from only listening in init_net to use
register_pernet_subsys()
to dynamically manage the netlink socket list.
Signed-off-by: Richard
On 12/20/2013 11:11 AM, Eric Paris wrote:
On Fri, 2013-12-20 at 10:46 +0800, Gao feng wrote:
On 12/20/2013 02:40 AM, Eric Paris wrote:
On Thu, 2013-12-19 at 11:59 +0800, Gao feng wrote:
On 07/17/2013 04:32 AM, Richard Guy Briggs wrote:
we have to store audit_sock
into auditns(auditns
, and no matter which netns the
user space audit netlink sockets belong to, they all
can find out and communicate with audit_sock.
This gets rid of the necessary to create per-netns
audit kernel side socket(audit_sock), it's pain to
depend on and get reference of netns for auditns.
Signed-o
On 12/19/2013 10:34 AM, Gao feng wrote:
> kernel/capability.c: In function ‘SYSC_capset’:
> kernel/capability.c:280:2: warning: passing argument 1 of ‘audit_log_capset’
> makes integer from pointer without a cast [enabled by default]
> audit_log_capset(new, current_cred());
>
());
^
In file included from kernel/capability.c:10:0:
include/linux/audit.h:400:20: note: declared here
static inline void audit_log_capset(pid_t pid, const struct cred *new,
^
make[1]: *** [kernel/capability.o] Error 1
Signed-off-by: Gao feng
---
include/linux/audit.h | 4 ++--
1
());
^
In file included from kernel/capability.c:10:0:
include/linux/audit.h:400:20: note: declared here
static inline void audit_log_capset(pid_t pid, const struct cred *new,
^
make[1]: *** [kernel/capability.o] Error 1
Signed-off-by: Gao feng gaof...@cn.fujitsu.com
---
include
On 12/19/2013 10:34 AM, Gao feng wrote:
kernel/capability.c: In function ‘SYSC_capset’:
kernel/capability.c:280:2: warning: passing argument 1 of ‘audit_log_capset’
makes integer from pointer without a cast [enabled by default]
audit_log_capset(new, current_cred());
^
In file included
, and no matter which netns the
user space audit netlink sockets belong to, they all
can find out and communicate with audit_sock.
This gets rid of the necessary to create per-netns
audit kernel side socket(audit_sock), it's pain to
depend on and get reference of netns for auditns.
Signed-off-by: Gao
print the error message and then return -ENOMEM.
Signed-off-by: Gao feng
---
kernel/audit.c | 9 -
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/kernel/audit.c b/kernel/audit.c
index 2a0ed0b..041b951 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1083,12 +1083,11
be released anytime,
so the audit_sock may point to invalid socket.
this patch sets the audit_sock to the kernel side audit
netlink socket.
Signed-off-by: Gao feng
---
kernel/audit.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/audit.c b/kernel/audit.c
index 041b951
be released anytime,
so the audit_sock may point to invalid socket.
this patch sets the audit_sock to the kernel side audit
netlink socket.
Signed-off-by: Gao feng gaof...@cn.fujitsu.com
---
kernel/audit.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/audit.c b/kernel
print the error message and then return -ENOMEM.
Signed-off-by: Gao feng gaof...@cn.fujitsu.com
---
kernel/audit.c | 9 -
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/kernel/audit.c b/kernel/audit.c
index 2a0ed0b..041b951 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
On 12/11/2013 04:36 AM, Serge E. Hallyn wrote:
> Quoting Eric Paris (epa...@redhat.com):
>> On Tue, 2013-12-10 at 10:51 -0600, Serge Hallyn wrote:
>>> Quoting Gao feng (gaof...@cn.fujitsu.com):
>>>> On 12/10/2013 02:26 AM, Serge Hallyn wrote:
>>>>
On 12/11/2013 04:36 AM, Serge E. Hallyn wrote:
Quoting Eric Paris (epa...@redhat.com):
On Tue, 2013-12-10 at 10:51 -0600, Serge Hallyn wrote:
Quoting Gao feng (gaof...@cn.fujitsu.com):
On 12/10/2013 02:26 AM, Serge Hallyn wrote:
Quoting Gao feng (gaof...@cn.fujitsu.com):
On 12/07/2013 06:12
On 12/10/2013 02:26 AM, Serge Hallyn wrote:
> Quoting Gao feng (gaof...@cn.fujitsu.com):
>> On 12/07/2013 06:12 AM, Serge E. Hallyn wrote:
>>> Quoting Gao feng (gaof...@cn.fujitsu.com):
>>>> Hi
>>>>
>>>> On 10/24/2013 03:31 PM, Gao feng wrote:
On 12/10/2013 02:26 AM, Serge Hallyn wrote:
Quoting Gao feng (gaof...@cn.fujitsu.com):
On 12/07/2013 06:12 AM, Serge E. Hallyn wrote:
Quoting Gao feng (gaof...@cn.fujitsu.com):
Hi
On 10/24/2013 03:31 PM, Gao feng wrote:
Here is the v1 patchset: http://lwn.net/Articles/549546/
The main
On 12/10/2013 01:53 AM, Serge Hallyn wrote:
> Quoting Gao feng (gaof...@cn.fujitsu.com):
>> On 12/07/2013 06:10 AM, Serge E. Hallyn wrote:
>>> Quoting Gao feng (gaof...@cn.fujitsu.com):
>>>> Since there is no more place for flags of clone system call.
>>>
On 12/10/2013 01:53 AM, Serge Hallyn wrote:
Quoting Gao feng (gaof...@cn.fujitsu.com):
On 12/07/2013 06:10 AM, Serge E. Hallyn wrote:
Quoting Gao feng (gaof...@cn.fujitsu.com):
Since there is no more place for flags of clone system call.
we need to find a way to create audit namespace
Hi Serge,
Thanks for your comments!
On 12/07/2013 05:31 AM, Serge E. Hallyn wrote:
> Quoting Gao feng (gaof...@cn.fujitsu.com):
>> Here is the v1 patchset: http://lwn.net/Articles/549546/
>>
>> The main target of this patchset is allowing user in audit
>> namespace to
On 12/07/2013 06:12 AM, Serge E. Hallyn wrote:
> Quoting Gao feng (gaof...@cn.fujitsu.com):
>> Hi
>>
>> On 10/24/2013 03:31 PM, Gao feng wrote:
>>> Here is the v1 patchset: http://lwn.net/Articles/549546/
>>>
>>> The main target of this patchset is
On 12/07/2013 06:10 AM, Serge E. Hallyn wrote:
> Quoting Gao feng (gaof...@cn.fujitsu.com):
>> Since there is no more place for flags of clone system call.
>> we need to find a way to create audit namespace.
>>
>> this patch adds a new type of message AUDIT_CREATE_NS.
On 12/07/2013 06:00 AM, Serge E. Hallyn wrote:
> Quoting Gao feng (gaof...@cn.fujitsu.com):
>> 1, remove the permission check of pid namespace. it's no reason
>>to deny un-init pid namespace to operate audit subsystem.
>>
>> 2, only allow init user namespa
On 12/07/2013 06:00 AM, Serge E. Hallyn wrote:
Quoting Gao feng (gaof...@cn.fujitsu.com):
1, remove the permission check of pid namespace. it's no reason
to deny un-init pid namespace to operate audit subsystem.
2, only allow init user namespace and init audit namespace to
operate list
On 12/07/2013 06:10 AM, Serge E. Hallyn wrote:
Quoting Gao feng (gaof...@cn.fujitsu.com):
Since there is no more place for flags of clone system call.
we need to find a way to create audit namespace.
this patch adds a new type of message AUDIT_CREATE_NS.
user space can create new audit
On 12/07/2013 06:12 AM, Serge E. Hallyn wrote:
Quoting Gao feng (gaof...@cn.fujitsu.com):
Hi
On 10/24/2013 03:31 PM, Gao feng wrote:
Here is the v1 patchset: http://lwn.net/Articles/549546/
The main target of this patchset is allowing user in audit
namespace to generate the USER_MSG type
Hi Serge,
Thanks for your comments!
On 12/07/2013 05:31 AM, Serge E. Hallyn wrote:
Quoting Gao feng (gaof...@cn.fujitsu.com):
Here is the v1 patchset: http://lwn.net/Articles/549546/
The main target of this patchset is allowing user in audit
namespace to generate the USER_MSG type of audit
Hi
On 10/24/2013 03:31 PM, Gao feng wrote:
> Here is the v1 patchset: http://lwn.net/Articles/549546/
>
> The main target of this patchset is allowing user in audit
> namespace to generate the USER_MSG type of audit message,
> some userspace tools need to generate audit message, o
Hi
On 10/24/2013 03:31 PM, Gao feng wrote:
Here is the v1 patchset: http://lwn.net/Articles/549546/
The main target of this patchset is allowing user in audit
namespace to generate the USER_MSG type of audit message,
some userspace tools need to generate audit message, or
these tools
On 11/19/2013 08:04 AM, Steven Rostedt wrote:
>
> I'll start out saying that this email was a complete oops. I only kept
> it around for reference, as this didn't fix the bug we were seeing, and
> I used this email to just document what I initially thought.
>
Can you describe the panic
On 11/19/2013 08:04 AM, Steven Rostedt wrote:
I'll start out saying that this email was a complete oops. I only kept
it around for reference, as this didn't fix the bug we were seeing, and
I used this email to just document what I initially thought.
Can you describe the panic situation and
On 11/15/2013 12:54 PM, Eric W. Biederman wrote:
> Gao feng writes:
>
>> On 11/15/2013 12:54 AM, Andy Lutomirski wrote:
>>> On Thu, Nov 14, 2013 at 3:10 AM, Gao feng wrote:
>>>> On 11/13/2013 03:26 PM, Gao feng wrote:
>>>>> On 11/09/2013 01:42
On 11/15/2013 12:54 AM, Andy Lutomirski wrote:
> On Thu, Nov 14, 2013 at 3:10 AM, Gao feng wrote:
>> On 11/13/2013 03:26 PM, Gao feng wrote:
>>> On 11/09/2013 01:42 PM, Eric W. Biederman wrote:
>>>> Right now I would rather not have the empty directory except
On 11/15/2013 07:50 AM, Eric W. Biederman wrote:
> Gao feng writes:
>
>> Privileged user should have rights to mount/umount/move
>> these even locked mount.
>
> Hmm. This is pretty much a can't happen case, as the only exist in mount
> namespaces where the globa
On 11/13/2013 03:26 PM, Gao feng wrote:
> On 11/09/2013 01:42 PM, Eric W. Biederman wrote:
>> Gao feng writes:
>>
>>> On 11/02/2013 02:06 PM, Gao feng wrote:
>>>> Hi Eric,
>>>>
>>>> On 08/28/2013 05:44 AM, Eric W. Biederman wrote:
On 11/13/2013 03:26 PM, Gao feng wrote:
On 11/09/2013 01:42 PM, Eric W. Biederman wrote:
Gao feng gaof...@cn.fujitsu.com writes:
On 11/02/2013 02:06 PM, Gao feng wrote:
Hi Eric,
On 08/28/2013 05:44 AM, Eric W. Biederman wrote:
Rely on the fact that another flavor of the filesystem
On 11/15/2013 07:50 AM, Eric W. Biederman wrote:
Gao feng gaof...@cn.fujitsu.com writes:
Privileged user should have rights to mount/umount/move
these even locked mount.
Hmm. This is pretty much a can't happen case, as the only exist in mount
namespaces where the global root isn't
On 11/15/2013 12:54 AM, Andy Lutomirski wrote:
On Thu, Nov 14, 2013 at 3:10 AM, Gao feng gaof...@cn.fujitsu.com wrote:
On 11/13/2013 03:26 PM, Gao feng wrote:
On 11/09/2013 01:42 PM, Eric W. Biederman wrote:
Right now I would rather not have the empty directory exception than
remove this code
On 11/15/2013 12:54 PM, Eric W. Biederman wrote:
Gao feng gaof...@cn.fujitsu.com writes:
On 11/15/2013 12:54 AM, Andy Lutomirski wrote:
On Thu, Nov 14, 2013 at 3:10 AM, Gao feng gaof...@cn.fujitsu.com wrote:
On 11/13/2013 03:26 PM, Gao feng wrote:
On 11/09/2013 01:42 PM, Eric W. Biederman
Privileged user should have rights to mount/umount/move
these even locked mount.
Signed-off-by: Gao feng
---
fs/namespace.c | 14 ++
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/fs/namespace.c b/fs/namespace.c
index da5c494..7097fc7 100644
--- a/fs/namespace.c
On 11/09/2013 01:42 PM, Eric W. Biederman wrote:
> Gao feng writes:
>
>> On 11/02/2013 02:06 PM, Gao feng wrote:
>>> Hi Eric,
>>>
>>> On 08/28/2013 05:44 AM, Eric W. Biederman wrote:
>>>>
>>>> Rely on the fact that another flavor of
On 11/09/2013 01:42 PM, Eric W. Biederman wrote:
Gao feng gaof...@cn.fujitsu.com writes:
On 11/02/2013 02:06 PM, Gao feng wrote:
Hi Eric,
On 08/28/2013 05:44 AM, Eric W. Biederman wrote:
Rely on the fact that another flavor of the filesystem is already
mounted and do not rely on state
Privileged user should have rights to mount/umount/move
these even locked mount.
Signed-off-by: Gao feng gaof...@cn.fujitsu.com
---
fs/namespace.c | 14 ++
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/fs/namespace.c b/fs/namespace.c
index da5c494..7097fc7 100644
On 11/02/2013 02:06 PM, Gao feng wrote:
> Hi Eric,
>
> On 08/28/2013 05:44 AM, Eric W. Biederman wrote:
>>
>> Rely on the fact that another flavor of the filesystem is already
>> mounted and do not rely on state in the user namespace.
>>
>> Verify that the m
On 11/02/2013 02:06 PM, Gao feng wrote:
Hi Eric,
On 08/28/2013 05:44 AM, Eric W. Biederman wrote:
Rely on the fact that another flavor of the filesystem is already
mounted and do not rely on state in the user namespace.
Verify that the mounted filesystem is not covered in any significant
On 11/06/2013 03:14 AM, Richard Guy Briggs wrote:
> On Tue, Nov 05, 2013 at 04:56:55PM +0800, Gao feng wrote:
>> On 11/05/2013 04:11 PM, Li Zefan wrote:
>>> On 2013/11/5 15:52, Gao feng wrote:
>>>> On 11/05/2013 03:51 PM, Gao feng wrote:
>>>>> Ping...
On 11/06/2013 03:14 AM, Richard Guy Briggs wrote:
On Tue, Nov 05, 2013 at 04:56:55PM +0800, Gao feng wrote:
On 11/05/2013 04:11 PM, Li Zefan wrote:
On 2013/11/5 15:52, Gao feng wrote:
On 11/05/2013 03:51 PM, Gao feng wrote:
Ping...
I want to catch up the merge window..
Even if your
On 11/05/2013 04:11 PM, Li Zefan wrote:
> On 2013/11/5 15:52, Gao feng wrote:
>> On 11/05/2013 03:51 PM, Gao feng wrote:
>>> Ping...
>>>
>>
>> I want to catch up the merge window..
>>
>
> Even if your patches are accepted by a certain maint
On 11/05/2013 04:11 PM, Li Zefan wrote:
On 2013/11/5 15:52, Gao feng wrote:
On 11/05/2013 03:51 PM, Gao feng wrote:
Ping...
I want to catch up the merge window..
Even if your patches are accepted by a certain maintainer immediately,
he will in no doubt queue them for 3.14.
Yes, you
On 11/05/2013 03:51 PM, Gao feng wrote:
> Ping...
>
I want to catch up the merge window..
> On 10/31/2013 11:52 AM, Gao feng wrote:
>> Hi Eric Paris,
>>
>> Can you give me some comments?
>>
>> You think the tying audit namespace to user namespace is
Ping...
On 10/31/2013 11:52 AM, Gao feng wrote:
> Hi Eric Paris,
>
> Can you give me some comments?
>
> You think the tying audit namespace to user namespace is a bad idea,
> so this patchset doesn't assign auditns to userns and introduce an
> new audit netlink type to
Ping...
On 10/31/2013 11:52 AM, Gao feng wrote:
Hi Eric Paris,
Can you give me some comments?
You think the tying audit namespace to user namespace is a bad idea,
so this patchset doesn't assign auditns to userns and introduce an
new audit netlink type to help to create audit namespace
On 11/05/2013 03:51 PM, Gao feng wrote:
Ping...
I want to catch up the merge window..
On 10/31/2013 11:52 AM, Gao feng wrote:
Hi Eric Paris,
Can you give me some comments?
You think the tying audit namespace to user namespace is a bad idea,
so this patchset doesn't assign auditns
Hi Eric,
On 08/28/2013 05:44 AM, Eric W. Biederman wrote:
>
> Rely on the fact that another flavor of the filesystem is already
> mounted and do not rely on state in the user namespace.
>
> Verify that the mounted filesystem is not covered in any significant
> way. I would love to verify that
Hi Eric,
On 08/28/2013 05:44 AM, Eric W. Biederman wrote:
Rely on the fact that another flavor of the filesystem is already
mounted and do not rely on state in the user namespace.
Verify that the mounted filesystem is not covered in any significant
way. I would love to verify that the
Since kernel parameter is operated before
initcall, so the audit_initialized must be
AUDIT_UNINITIALIZED or DISABLED in audit_enable.
Signed-off-by: Gao feng
---
kernel/audit.c | 13 ++---
1 file changed, 2 insertions(+), 11 deletions(-)
change from v1:
convert "printk(KERN
Since kernel parameter is operated before
initcall, so the audit_initialized must be
AUDIT_UNINITIALIZED or DISABLED in audit_enable.
Signed-off-by: Gao feng gaof...@cn.fujitsu.com
---
kernel/audit.c | 13 ++---
1 file changed, 2 insertions(+), 11 deletions(-)
change from v1:
convert
of net namespaces have ability to send/
receive audit netlink message.
I may miss some points, if you find there are some shortage or loophole,
please let me know.
Thanks!
On 10/24/2013 03:31 PM, Gao feng wrote:
> Here is the v1 patchset: http://lwn.net/Articles/549546/
>
> The ma
of net namespaces have ability to send/
receive audit netlink message.
I may miss some points, if you find there are some shortage or loophole,
please let me know.
Thanks!
On 10/24/2013 03:31 PM, Gao feng wrote:
Here is the v1 patchset: http://lwn.net/Articles/549546/
The main target
This patch allows logging audit config change in
audit namespace.
Signed-off-by: Gao feng
---
kernel/audit.c | 18 +-
1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/kernel/audit.c b/kernel/audit.c
index 92da21d..095f54d 100644
--- a/kernel/audit.c
+++ b/kernel
This patch makes audit_skb_queue per audit namespace,
Since we haven't finished the preparations, only
allow user to attach/detach skb to the queue of
init_audit_ns.
Signed-off-by: Gao feng
---
include/linux/audit_namespace.h | 3 +++
kernel/audit.c | 18 +-
2
kauditd_task is used to send audit netlink messages
to the user space auditd process. Because the netlink
messages are per audit namespace, we should make
kaudit_task per auditns to operate the right netlink
skb.
Signed-off-by: Gao feng
---
include/linux/audit_namespace.h | 12
per-netns
audit kernel side socket(audit_sock), it's pain to
depend on and get reference of netns for auditns.
Signed-off-by: Gao feng
---
kernel/audit.c | 6 ++
1 file changed, 6 insertions(+)
diff --git a/kernel/audit.c b/kernel/audit.c
index 7b0e23a..468950b 100644
--- a/kernel/audit.c
Tasks are added to audit_backlog_wait when the
audit_skb_queue of audit namespace is full, so
audit_backlog_wait should be per audit namespace too.
Signed-off-by: Gao feng
---
include/linux/audit_namespace.h | 1 +
kernel/audit.c | 11 +--
2 files changed, 6 insertions
Signed-off-by: Gao feng
---
kernel/audit.c | 34 +-
1 file changed, 17 insertions(+), 17 deletions(-)
diff --git a/kernel/audit.c b/kernel/audit.c
index 5524deb..b203017 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -338,11 +338,11 @@ static int
-by: Gao feng
---
include/linux/audit_namespace.h | 2 ++
kernel/audit.c | 43 ++---
kernel/audit.h | 5 ++---
kernel/auditsc.c| 6 +++---
4 files changed, 39 insertions(+), 17 deletions(-)
diff --git a/include
Signed-off-by: Gao feng
---
include/linux/audit_namespace.h | 51 +
include/linux/nsproxy.h | 11 +
init/Kconfig| 10
kernel/Makefile | 2 +-
kernel/audit_namespace.c| 8 +++
This patch makes audit_skb_hold_queue per audit namespace.
Signed-off-by: Gao feng
---
include/linux/audit_namespace.h | 3 +++
kernel/audit.c | 12 +---
2 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/include/linux/audit_namespace.h b/include/linux
in order to get more comments, so
I can keep on improving namespace support for audit.
Gao feng (20):
Audit: make audit netlink socket net namespace unaware
audit: introduce configure option CONFIG_AUDIT_NS
audit: make audit_skb_queue per audit namespace
audit: make audit_skb_hold_queue per
Only these two vars are namespace aware.
Signed-off-by: Gao feng
---
kernel/audit.c | 26 --
1 file changed, 16 insertions(+), 10 deletions(-)
diff --git a/kernel/audit.c b/kernel/audit.c
index d7a0993..2132929 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -685,16
Signed-off-by: Gao feng
---
kernel/audit.c | 10 +-
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/kernel/audit.c b/kernel/audit.c
index 2132929..5524deb 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -662,11 +662,11 @@ static int audit_receive_msg(struct sk_buff *skb
This interface audit_log_start_ns and audit_log_end_ns
will be used for logging audit logs in audit namespace.
Signed-off-by: Gao feng
---
include/linux/audit.h | 26 +--
kernel/audit.c| 92 ++-
2 files changed, 77 insertions
kauditd_task is added to the wait queue kaudit_wait when
there is no audit message being generated in audit namespace,
so the kaudit_wait should be per audit namespace too.
Signed-off-by: Gao feng
---
include/linux/audit_namespace.h | 2 ++
kernel/audit.c | 8
2 files