On 2018-05-09 12:07, Tobin C. Harding wrote:
> On Fri, May 04, 2018 at 04:54:37PM -0400, Richard Guy Briggs wrote:
> > Recognizing that the audit context is an internal audit value, use an
> > access function to set the audit context pointer for the task
> > rather t
On 2018-05-04 16:54, Richard Guy Briggs wrote:
> Use a macro, "AUDIT_SID_UNSET", to replace each instance of
> initialization and comparison to an audit session ID.
>
> Signed-off-by: Richard Guy Briggs <r...@redhat.com>
There's a minor issue with this patch, add
On 2018-05-04 16:54, Richard Guy Briggs wrote:
> Use a macro, "AUDIT_SID_UNSET", to replace each instance of
> initialization and comparison to an audit session ID.
>
> Signed-off-by: Richard Guy Briggs
There's a minor issue with this patch, adding a header inclu
On 2018-04-18 19:47, Paul Moore wrote:
> On Fri, Mar 16, 2018 at 5:00 AM, Richard Guy Briggs <r...@redhat.com> wrote:
> > Implement the proc fs write to set the audit container ID of a process,
> > emitting an AUDIT_CONTAINER record to document the event.
> >
> > T
On 2018-04-18 19:47, Paul Moore wrote:
> On Fri, Mar 16, 2018 at 5:00 AM, Richard Guy Briggs wrote:
> > Implement the proc fs write to set the audit container ID of a process,
> > emitting an AUDIT_CONTAINER record to document the event.
> >
> > This is a write from
Use a macro, "AUDIT_SID_UNSET", to replace each instance of
initialization and comparison to an audit session ID.
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
---
include/linux/audit.h | 2 +-
include/net/xfrm.h | 2 +-
include/uapi/linux/audit.h | 1 +
Use a macro, "AUDIT_SID_UNSET", to replace each instance of
initialization and comparison to an audit session ID.
Signed-off-by: Richard Guy Briggs
---
include/linux/audit.h | 2 +-
include/net/xfrm.h | 2 +-
include/uapi/linux/audit.h | 1 +
init/init_task.c
Recognizing that the audit context is an internal audit value, use an
access function to set the audit context pointer for the task
rather than reaching directly into the task struct to set it.
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
---
include/linux/audit.h | 8
Recognizing that the audit context is an internal audit value, use an
access function to set the audit context pointer for the task
rather than reaching directly into the task struct to set it.
Signed-off-by: Richard Guy Briggs
---
include/linux/audit.h | 8
kernel/auditsc.c | 6
Recognizing that the audit context is an internal audit value, use an
access function to retrieve the audit context pointer for the task
rather than reaching directly into the task struct to get it.
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
---
include/linux/audit.h
Recognizing that the audit context is an internal audit value, use an
access function to retrieve the audit context pointer for the task
rather than reaching directly into the task struct to get it.
Signed-off-by: Richard Guy Briggs
---
include/linux/audit.h| 16
Recognizing that the loginuid is an internal audit value, use an access
function to retrieve the audit loginuid value for the task rather than
reaching directly into the task struct to get it.
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
---
kernel/auditsc.c | 16
Recognizing that the loginuid is an internal audit value, use an access
function to retrieve the audit loginuid value for the task rather than
reaching directly into the task struct to get it.
Signed-off-by: Richard Guy Briggs
---
kernel/auditsc.c | 16
1 file changed, 8
dynamic allocation would mostly hide any future
changes.
The first four access normalization patches could stand alone.
Passes audit-testsuite.
Richard Guy Briggs (5):
audit: normalize loginuid read access
audit: convert sessionid unset to a macro
audit: use inline function to get audit
kmem_cache to manage this pool of memory.
Un-inline audit_free() to be able to always recover that memory.
See: https://github.com/linux-audit/audit-kernel/issues/81
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
---
MAINTAINERS| 2 +-
include/linux/audit.h | 8 +
dynamic allocation would mostly hide any future
changes.
The first four access normalization patches could stand alone.
Passes audit-testsuite.
Richard Guy Briggs (5):
audit: normalize loginuid read access
audit: convert sessionid unset to a macro
audit: use inline function to get audit
kmem_cache to manage this pool of memory.
Un-inline audit_free() to be able to always recover that memory.
See: https://github.com/linux-audit/audit-kernel/issues/81
Signed-off-by: Richard Guy Briggs
---
MAINTAINERS| 2 +-
include/linux/audit.h | 8
include/linux/au
On 2018-04-24 15:01, Paul Moore wrote:
> On Mon, Apr 23, 2018 at 10:02 PM, Richard Guy Briggs <r...@redhat.com> wrote:
> > On 2018-04-23 19:15, Paul Moore wrote:
> >> On Sat, Apr 21, 2018 at 10:34 AM, Richard Guy Briggs <r...@redhat.com>
> >> wrote:
>
On 2018-04-24 15:01, Paul Moore wrote:
> On Mon, Apr 23, 2018 at 10:02 PM, Richard Guy Briggs wrote:
> > On 2018-04-23 19:15, Paul Moore wrote:
> >> On Sat, Apr 21, 2018 at 10:34 AM, Richard Guy Briggs
> >> wrote:
> >> > On 2018-04-18 19:47, Paul Moore w
On 2018-04-23 19:15, Paul Moore wrote:
> On Sat, Apr 21, 2018 at 10:34 AM, Richard Guy Briggs <r...@redhat.com> wrote:
> > On 2018-04-18 19:47, Paul Moore wrote:
> >> On Fri, Mar 16, 2018 at 5:00 AM, Richard Guy Briggs <r...@redhat.com>
> >> wrote:
>
On 2018-04-23 19:15, Paul Moore wrote:
> On Sat, Apr 21, 2018 at 10:34 AM, Richard Guy Briggs wrote:
> > On 2018-04-18 19:47, Paul Moore wrote:
> >> On Fri, Mar 16, 2018 at 5:00 AM, Richard Guy Briggs
> >> wrote:
> >> > Implement the proc fs write to
On 2018-04-18 19:47, Paul Moore wrote:
> On Fri, Mar 16, 2018 at 5:00 AM, Richard Guy Briggs <r...@redhat.com> wrote:
> > Implement the proc fs write to set the audit container ID of a process,
> > emitting an AUDIT_CONTAINER record to document the event.
> >
> > T
On 2018-04-18 19:47, Paul Moore wrote:
> On Fri, Mar 16, 2018 at 5:00 AM, Richard Guy Briggs wrote:
> > Implement the proc fs write to set the audit container ID of a process,
> > emitting an AUDIT_CONTAINER record to document the event.
> >
> > This is a write from
On 2018-04-20 16:22, Paul Moore wrote:
> On Fri, Apr 20, 2018 at 4:02 PM, Richard Guy Briggs <r...@redhat.com> wrote:
> > On 2018-04-18 21:46, Paul Moore wrote:
> >> On Fri, Mar 16, 2018 at 5:00 AM, Richard Guy Briggs <r...@redhat.com>
> >> wrote:
> >
On 2018-04-20 16:22, Paul Moore wrote:
> On Fri, Apr 20, 2018 at 4:02 PM, Richard Guy Briggs wrote:
> > On 2018-04-18 21:46, Paul Moore wrote:
> >> On Fri, Mar 16, 2018 at 5:00 AM, Richard Guy Briggs
> >> wrote:
> >> > Audit events could happen i
On 2018-04-18 21:46, Paul Moore wrote:
> On Fri, Mar 16, 2018 at 5:00 AM, Richard Guy Briggs <r...@redhat.com> wrote:
> > Audit events could happen in a network namespace outside of a task
> > context due to packets received from the net that trigger an auditing
> > rul
On 2018-04-18 21:46, Paul Moore wrote:
> On Fri, Mar 16, 2018 at 5:00 AM, Richard Guy Briggs wrote:
> > Audit events could happen in a network namespace outside of a task
> > context due to packets received from the net that trigger an auditing
> > rule prior to being asso
On 2018-04-20 11:58, Paul Moore wrote:
> On Fri, Apr 20, 2018 at 9:46 AM, Richard Guy Briggs <r...@redhat.com> wrote:
> > On 2018-04-17 18:06, Paul Moore wrote:
> >> On Wed, Apr 11, 2018 at 8:46 AM, Richard Guy Briggs <r...@redhat.com>
> >> wrote:
> >
On 2018-04-20 11:58, Paul Moore wrote:
> On Fri, Apr 20, 2018 at 9:46 AM, Richard Guy Briggs wrote:
> > On 2018-04-17 18:06, Paul Moore wrote:
> >> On Wed, Apr 11, 2018 at 8:46 AM, Richard Guy Briggs
> >> wrote:
> >> > Tie syscall information to FE
On 2018-04-17 18:06, Paul Moore wrote:
> On Wed, Apr 11, 2018 at 8:46 AM, Richard Guy Briggs <r...@redhat.com> wrote:
> > Tie syscall information to FEATURE_CHANGE calls since it is a result of
> > user action.
> >
> > See: https://github.com/linux-audit/audit-ke
On 2018-04-17 18:06, Paul Moore wrote:
> On Wed, Apr 11, 2018 at 8:46 AM, Richard Guy Briggs wrote:
> > Tie syscall information to FEATURE_CHANGE calls since it is a result of
> > user action.
> >
> > See: https://github.com/linux-audit/audit-kernel/issues/80
> >
On 2018-04-18 20:39, Paul Moore wrote:
> On Fri, Mar 16, 2018 at 5:00 AM, Richard Guy Briggs <r...@redhat.com> wrote:
> > Standalone audit records have the timestamp and serial number generated
> > on the fly and as such are unique, making them standalone. This new
> >
On 2018-04-18 20:39, Paul Moore wrote:
> On Fri, Mar 16, 2018 at 5:00 AM, Richard Guy Briggs wrote:
> > Standalone audit records have the timestamp and serial number generated
> > on the fly and as such are unique, making them standalone. This new
> > function audit_al
On 2018-04-18 20:32, Paul Moore wrote:
> On Fri, Mar 16, 2018 at 5:00 AM, Richard Guy Briggs <r...@redhat.com> wrote:
> > Add container ID support to ptrace and signals. In particular, the "op"
> > field provides a way to label the auxiliary record to which it is
On 2018-04-18 20:32, Paul Moore wrote:
> On Fri, Mar 16, 2018 at 5:00 AM, Richard Guy Briggs wrote:
> > Add container ID support to ptrace and signals. In particular, the "op"
> > field provides a way to label the auxiliary record to which it is
> > associated.
>
On 2018-04-18 21:31, Paul Moore wrote:
> On Fri, Mar 16, 2018 at 5:00 AM, Richard Guy Briggs <r...@redhat.com> wrote:
> > Add container ID auxiliary records to secure computing and abnormal end
> > standalone records.
> >
> > Signed-off-by: Richard Guy Briggs <
On 2018-04-18 21:31, Paul Moore wrote:
> On Fri, Mar 16, 2018 at 5:00 AM, Richard Guy Briggs wrote:
> > Add container ID auxiliary records to secure computing and abnormal end
> > standalone records.
> >
> > Signed-off-by: Richard Guy Briggs
> > ---
> >
On 2018-04-18 22:10, Paul Moore wrote:
> On Fri, Mar 16, 2018 at 5:00 AM, Richard Guy Briggs <r...@redhat.com> wrote:
> > Add container ID auxiliary record(s) to NETFILTER_PKT event standalone
> > records. Iterate through all potential container IDs associated with a
On 2018-04-18 22:10, Paul Moore wrote:
> On Fri, Mar 16, 2018 at 5:00 AM, Richard Guy Briggs wrote:
> > Add container ID auxiliary record(s) to NETFILTER_PKT event standalone
> > records. Iterate through all potential container IDs associated with a
> > network namespac
On 2018-04-18 21:27, Paul Moore wrote:
> On Fri, Mar 16, 2018 at 5:00 AM, Richard Guy Briggs <r...@redhat.com> wrote:
> > Add container ID auxiliary records to configuration change, feature set
> > change
> > and user generated standalone records.
> >
> >
On 2018-04-18 21:27, Paul Moore wrote:
> On Fri, Mar 16, 2018 at 5:00 AM, Richard Guy Briggs wrote:
> > Add container ID auxiliary records to configuration change, feature set
> > change
> > and user generated standalone records.
> >
> > Signed-off-by: Richar
On 2018-04-18 20:42, Paul Moore wrote:
> On Fri, Mar 16, 2018 at 5:00 AM, Richard Guy Briggs <r...@redhat.com> wrote:
> > Add container ID auxiliary record to mark, watch and tree rule
> > configuration standalone records.
> >
> > Signed-off-by: Ri
On 2018-04-18 20:42, Paul Moore wrote:
> On Fri, Mar 16, 2018 at 5:00 AM, Richard Guy Briggs wrote:
> > Add container ID auxiliary record to mark, watch and tree rule
> > configuration standalone records.
> >
> > Signed-off-by: Richard Guy Briggs
> > ---
On 2018-04-18 20:24, Paul Moore wrote:
> On Fri, Mar 16, 2018 at 5:00 AM, Richard Guy Briggs <r...@redhat.com> wrote:
> > Implement container ID filtering using the AUDIT_CONTAINERID field name
> > to send an 8-character string representing a u64 since the value
On 2018-04-18 20:24, Paul Moore wrote:
> On Fri, Mar 16, 2018 at 5:00 AM, Richard Guy Briggs wrote:
> > Implement container ID filtering using the AUDIT_CONTAINERID field name
> > to send an 8-character string representing a u64 since the value field
> > is only u32.
> >
On 2018-04-18 15:39, Stefan Berger wrote:
> On 04/18/2018 03:23 PM, Richard Guy Briggs wrote:
> > On 2018-04-18 14:45, Stefan Berger wrote:
> > > On 03/15/2018 11:58 PM, Richard Guy Briggs wrote:
> > > > On 2018-03-15 16:27, Stefan Berger wrote:
> > > > >
On 2018-04-18 14:45, Stefan Berger wrote:
> On 03/15/2018 11:58 PM, Richard Guy Briggs wrote:
> > On 2018-03-15 16:27, Stefan Berger wrote:
> > > On 03/01/2018 02:41 PM, Richard Guy Briggs wrote:
> > > > Implement the proc fs write to set the audit container ID
On 2018-04-17 17:59, Paul Moore wrote:
> On Wed, Apr 11, 2018 at 5:08 PM, Paul Moore <p...@paul-moore.com> wrote:
> > On Mon, Apr 9, 2018 at 7:34 PM, Richard Guy Briggs <r...@redhat.com> wrote:
> >> There were two formats of the audit MAC_STATUS record, one of whic
On 2018-04-17 17:59, Paul Moore wrote:
> On Wed, Apr 11, 2018 at 5:08 PM, Paul Moore wrote:
> > On Mon, Apr 9, 2018 at 7:34 PM, Richard Guy Briggs wrote:
> >> There were two formats of the audit MAC_STATUS record, one of which was
> >> more
> >> standard t
On 2018-04-16 10:55, Kees Cook wrote:
> On Wed, Mar 21, 2018 at 1:42 AM, Richard Guy Briggs <r...@redhat.com> wrote:
> > In commit 45b578fe4c3cade6f4ca1fc934ce199afd857edc
> > ("audit: link denied should not directly generate PATH record")
> > the nee
On 2018-04-16 10:55, Kees Cook wrote:
> On Wed, Mar 21, 2018 at 1:42 AM, Richard Guy Briggs wrote:
> > In commit 45b578fe4c3cade6f4ca1fc934ce199afd857edc
> > ("audit: link denied should not directly generate PATH record")
> > the need for the struct path *link pa
On 2018-04-16 09:26, Ondrej Mosnacek wrote:
> 2018-04-10 1:34 GMT+02:00 Richard Guy Briggs <r...@redhat.com>:
> > There were two formats of the audit MAC_STATUS record, one of which was more
> > standard than the other. One listed enforcing status changes and the
> >
On 2018-04-16 09:26, Ondrej Mosnacek wrote:
> 2018-04-10 1:34 GMT+02:00 Richard Guy Briggs :
> > There were two formats of the audit MAC_STATUS record, one of which was more
> > standard than the other. One listed enforcing status changes and the
> > other listed enabled stat
Tie syscall information to FEATURE_CHANGE calls since it is a result of
user action.
See: https://github.com/linux-audit/audit-kernel/issues/80
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
---
kernel/audit.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/
Tie syscall information to FEATURE_CHANGE calls since it is a result of
user action.
See: https://github.com/linux-audit/audit-kernel/issues/80
Signed-off-by: Richard Guy Briggs
---
kernel/audit.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/kernel/audit.c b/kernel
Guy Briggs <r...@redhat.com>
---
security/selinux/selinuxfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index 00b21b2..496915a 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@
Guy Briggs
---
security/selinux/selinuxfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index 00b21b2..496915a 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -531,7 +531,7 @@ static
accompanied a SYSCALL record.
See: https://github.com/linux-audit/audit-kernel/issues/46
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
---
security/selinux/selinuxfs.c | 11 +++
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/security/selinux/selinuxfs.c b/se
accompanied a SYSCALL record.
See: https://github.com/linux-audit/audit-kernel/issues/46
Signed-off-by: Richard Guy Briggs
---
security/selinux/selinuxfs.c | 11 +++
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
On 2018-03-29 07:03, Jonathan Corbet wrote:
> On Thu, 29 Mar 2018 05:01:32 -0400
> Richard Guy Briggs <r...@redhat.com> wrote:
>
> > > A little detail, but still...
> >
> > I am understanding that you would prefer more context (as opposed to
> > oper
On 2018-03-29 07:03, Jonathan Corbet wrote:
> On Thu, 29 Mar 2018 05:01:32 -0400
> Richard Guy Briggs wrote:
>
> > > A little detail, but still...
> >
> > I am understanding that you would prefer more context (as opposed to
> > operational detail) in the
On 2018-03-28 12:39, Jonathan Corbet wrote:
> On Fri, 16 Mar 2018 05:00:28 -0400
> Richard Guy Briggs <r...@redhat.com> wrote:
> > Implement the proc fs write to set the audit container ID of a process,
> > emitting an AUDIT_CONTAINER record to document the event.
>
>
On 2018-03-28 12:39, Jonathan Corbet wrote:
> On Fri, 16 Mar 2018 05:00:28 -0400
> Richard Guy Briggs wrote:
> > Implement the proc fs write to set the audit container ID of a process,
> > emitting an AUDIT_CONTAINER record to document the event.
>
> A little de
On 2018-03-20 16:11, Paul Moore wrote:
> On Wed, Mar 14, 2018 at 1:43 AM, Richard Guy Briggs <r...@redhat.com> wrote:
> > Audit link denied events for symlinks had duplicate PATH records rather
> > than just updating the existing PATH record. Update the symlink's PATH
> >
On 2018-03-20 16:11, Paul Moore wrote:
> On Wed, Mar 14, 2018 at 1:43 AM, Richard Guy Briggs wrote:
> > Audit link denied events for symlinks had duplicate PATH records rather
> > than just updating the existing PATH record. Update the symlink's PATH
> > record with the cur
udit_log_link_denied()
- refactor audit_log_symlink_denied() to properly free memory (pathname,
filename)
Richard Guy Briggs (2):
audit: remove path param from link denied function
audit: add refused symlink to audit_names
fs/namei.c| 5 +++--
include/linux/audit.h | 6 ++
kerne
In commit 45b578fe4c3cade6f4ca1fc934ce199afd857edc
("audit: link denied should not directly generate PATH record")
the need for the struct path *link parameter was removed.
Remove the now useless struct path argument.
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
In commit 45b578fe4c3cade6f4ca1fc934ce199afd857edc
("audit: link denied should not directly generate PATH record")
the need for the struct path *link parameter was removed.
Remove the now useless struct path argument.
Signed-off-by: Richard Guy Briggs
---
fs/namei.c| 4 ++-
Audit link denied events for symlinks had duplicate PATH records rather
than just updating the existing PATH record. Update the symlink's PATH
record with the current dentry and inode information.
See: https://github.com/linux-audit/audit-kernel/issues/21
Signed-off-by: Richard Guy Briggs <
Audit link denied events for symlinks had duplicate PATH records rather
than just updating the existing PATH record. Update the symlink's PATH
record with the current dentry and inode information.
See: https://github.com/linux-audit/audit-kernel/issues/21
Signed-off-by: Richard Guy Briggs
Add support to ausearch for searching on the containerid field in
records.
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
---
src/aureport-options.c | 1 +
src/ausearch-llist.c | 2 +
src/ausearch-llist.h | 1 +
src/ausearch-match.c | 3 +
src/ausearch-options.c
/linux-audit/audit-kernel/issues/32
See: https://github.com/linux-audit/audit-testsuite/issues/64
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
---
docs/auditctl.8| 3 +++
lib/fieldtab.h | 1 +
lib/libaudit.c | 36
lib/liba
Add support to ausearch for searching on the containerid field in
records.
Signed-off-by: Richard Guy Briggs
---
src/aureport-options.c | 1 +
src/ausearch-llist.c | 2 +
src/ausearch-llist.h | 1 +
src/ausearch-match.c | 3 +
src/ausearch-options.c | 46 -
src
/linux-audit/audit-kernel/issues/32
See: https://github.com/linux-audit/audit-testsuite/issues/64
Signed-off-by: Richard Guy Briggs
---
docs/auditctl.8| 3 +++
lib/fieldtab.h | 1 +
lib/libaudit.c | 36
lib/libaudit.h | 7
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
---
auparse/normalize_record_map.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/auparse/normalize_record_map.h b/auparse/normalize_record_map.h
index 1507bb5..c529e2e 100644
--- a/auparse/normalize_record_map.h
+++ b/a
Signed-off-by: Richard Guy Briggs
---
auparse/normalize_record_map.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/auparse/normalize_record_map.h b/auparse/normalize_record_map.h
index 1507bb5..c529e2e 100644
--- a/auparse/normalize_record_map.h
+++ b/auparse/normalize_record_map.h
Add support for audit kernel container IDs to userspace tools.
See: https://github.com/linux-audit/audit-userspace/issues/40
See: https://github.com/linux-audit/audit-kernel/issues/32
See: https://github.com/linux-audit/audit-testsuite/issues/64
Richard Guy Briggs (5):
AUDIT_CONTAINER message
Add support for audit kernel container IDs to userspace tools.
See: https://github.com/linux-audit/audit-userspace/issues/40
See: https://github.com/linux-audit/audit-kernel/issues/32
See: https://github.com/linux-audit/audit-testsuite/issues/64
Richard Guy Briggs (5):
AUDIT_CONTAINER message
This defines the message number for the container ID info record should
the kernel headers not be up to date and gives the record number a name for
printing.
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
---
lib/libaudit.h| 4
lib/msg_typetab.h | 1 +
2 files changed, 5 inse
This defines the message number for the container ID registration record
should the kernel headers not be up to date, gives the record number a
name for printing and allows the record to be interpreted since it is in
the 1000 range like AUDIT_LOGIN.
Signed-off-by: Richard Guy Briggs <
This defines the message number for the container ID registration record
should the kernel headers not be up to date, gives the record number a
name for printing and allows the record to be interpreted since it is in
the 1000 range like AUDIT_LOGIN.
Signed-off-by: Richard Guy Briggs
---
lib
This defines the message number for the container ID info record should
the kernel headers not be up to date and gives the record number a name for
printing.
Signed-off-by: Richard Guy Briggs
---
lib/libaudit.h| 4
lib/msg_typetab.h | 1 +
2 files changed, 5 insertions(+)
diff --git
Check if a task has existing children or co-threads and refuse to set
the container ID if either are present. Failure to check this could
permit games where a child scratches its parent's back to work around
inheritance and double-setting policy.
Signed-off-by: Richard Guy Briggs <
Check if a task has existing children or co-threads and refuse to set
the container ID if either are present. Failure to check this could
permit games where a child scratches its parent's back to work around
inheritance and double-setting policy.
Signed-off-by: Richard Guy Briggs
---
kernel
Add container ID support to ptrace and signals. In particular, the "op"
field provides a way to label the auxiliary record to which it is
associated.
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
---
include/linux/audit.h | 16 +++-
kernel/aud
Add container ID support to ptrace and signals. In particular, the "op"
field provides a way to label the auxiliary record to which it is
associated.
Signed-off-by: Richard Guy Briggs
---
include/linux/audit.h | 16 +++-
kernel/audit.c| 12
kern
is discarded immediately after the local associated records are
produced.
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
---
include/linux/audit.h | 8
kernel/auditsc.c | 20 +++-
2 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/include/linux/aud
is discarded immediately after the local associated records are
produced.
Signed-off-by: Richard Guy Briggs
---
include/linux/audit.h | 8
kernel/auditsc.c | 20 +++-
2 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/include/linux/audit.h b/include/linux
Add container ID auxiliary records to secure computing and abnormal end
standalone records.
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
---
kernel/auditsc.c | 10 --
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 7
Add container ID auxiliary records to secure computing and abnormal end
standalone records.
Signed-off-by: Richard Guy Briggs
---
kernel/auditsc.c | 10 --
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 7103d23..2f02ed9 100644
Add container ID auxiliary record to mark, watch and tree rule
configuration standalone records.
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
---
kernel/audit_fsnotify.c | 5 -
kernel/audit_tree.c | 5 -
kernel/audit_watch.c| 33 +++--
3
Add container ID auxiliary record to mark, watch and tree rule
configuration standalone records.
Signed-off-by: Richard Guy Briggs
---
kernel/audit_fsnotify.c | 5 -
kernel/audit_tree.c | 5 -
kernel/audit_watch.c| 33 +++--
3 files changed, 27
Add container ID auxiliary records to configuration change, feature set change
and user generated standalone records.
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
---
kernel/audit.c | 50 --
kernel/auditfilter.c | 5 -
2
Add container ID auxiliary records to configuration change, feature set change
and user generated standalone records.
Signed-off-by: Richard Guy Briggs
---
kernel/audit.c | 50 --
kernel/auditfilter.c | 5 -
2 files changed, 44
Add container ID auxiliary record(s) to NETFILTER_PKT event standalone
records. Iterate through all potential container IDs associated with a
network namespace.
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
---
kernel/audit.c | 1 +
kernel/auditsc.c | 2 +
Add container ID auxiliary record(s) to NETFILTER_PKT event standalone
records. Iterate through all potential container IDs associated with a
network namespace.
Signed-off-by: Richard Guy Briggs
---
kernel/audit.c | 1 +
kernel/auditsc.c | 2 ++
net/netfilter/xt_AUDIT.c
Guy Briggs <r...@redhat.com>
---
fs/proc/base.c | 20 ++--
1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/fs/proc/base.c b/fs/proc/base.c
index 6ce4fbe..f66d1e2 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1300,6 +1300,21 @@ static ssize_t proc_sessioni