Guy Briggs
---
fs/proc/base.c | 20 ++--
1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/fs/proc/base.c b/fs/proc/base.c
index 6ce4fbe..f66d1e2 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1300,6 +1300,21 @@ static ssize_t proc_sessionid_read(struct file
Add container ID auxiliary record to tty logging rule event standalone
records.
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
---
drivers/tty/tty_audit.c | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/tty/tty_audit.c b/drivers/tty/tty_audit.c
index e
Add container ID auxiliary record to tty logging rule event standalone
records.
Signed-off-by: Richard Guy Briggs
---
drivers/tty/tty_audit.c | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/tty/tty_audit.c b/drivers/tty/tty_audit.c
index e30aa6b..48ee4b7 100644
See: https://github.com/linux-audit/audit-kernel/issues/32
See: https://github.com/linux-audit/audit-testsuite/issues/64
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
---
include/linux/audit.h | 7 +++
include/net/net_namespace.h | 12
kernel/auditsc.c
See: https://github.com/linux-audit/audit-kernel/issues/32
See: https://github.com/linux-audit/audit-testsuite/issues/64
Signed-off-by: Richard Guy Briggs
---
include/linux/audit.h | 7 +++
include/net/net_namespace.h | 12
kernel/auditsc.c| 9 ++---
kernel
bj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="tmpcontainerid"
See:
https://github.com/linux-audit/audit-kernel/issues/32
https://github.com/linux-audit/audit-userspace/issues/40
https://github.com/linux-audit/audit-testsuite/issues/64
Richard G
://github.com/linux-audit/audit-kernel/issues/32
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
---
fs/proc/base.c | 37
include/linux/audit.h | 16 +
include/linux/init_task.h | 4 ++-
include/linux/sched.h | 1 +
i
://github.com/linux-audit/audit-kernel/issues/32
Signed-off-by: Richard Guy Briggs
---
fs/proc/base.c | 37
include/linux/audit.h | 16 +
include/linux/init_task.h | 4 ++-
include/linux/sched.h | 1 +
include
r=0
type=PROCTITLE msg=audit(1519924845.499:257):
proctitle=62617368002D6300736C65657020313B206563686F2074657374203E202F746D702F746D70636F6E7461696E65726964
type=CONTAINER_INFO msg=audit(1519924845.499:257): op=task contid=123458
See: https://github.com/linux-audit/audit-kernel/issues/32
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
---
incl
r=0
type=PROCTITLE msg=audit(1519924845.499:257):
proctitle=62617368002D6300736C65657020313B206563686F2074657374203E202F746D702F746D70636F6E7461696E65726964
type=CONTAINER_INFO msg=audit(1519924845.499:257): op=task contid=123458
See: https://github.com/linux-audit/audit-kernel/issues/32
Signed-off-by: Richard Guy Briggs
---
include/linux/audit.
is AUDIT_FEATURE_BITMAP_CONTAINERID_FILTER.
This requires support from userspace to be useful.
See: https://github.com/linux-audit/audit-userspace/issues/40
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
---
include/linux/audit.h | 1 +
include/uapi/linux/audit.h | 5 -
kernel/audit.h
is AUDIT_FEATURE_BITMAP_CONTAINERID_FILTER.
This requires support from userspace to be useful.
See: https://github.com/linux-audit/audit-userspace/issues/40
Signed-off-by: Richard Guy Briggs
---
include/linux/audit.h | 1 +
include/uapi/linux/audit.h | 5 -
kernel/audit.h | 1 +
kernel
On 2018-03-15 16:27, Stefan Berger wrote:
> On 03/01/2018 02:41 PM, Richard Guy Briggs wrote:
> > Implement the proc fs write to set the audit container ID of a process,
> > emitting an AUDIT_CONTAINER record to document the event.
> >
> > This is a write from the
In commit 45b578fe4c3cade6f4ca1fc934ce199afd857edc
("audit: link denied should not directly generate PATH record")
the need for the struct path *link parameter was removed.
Remove the now useless struct path argument.
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
erfluous struct path * parameter from audit_log_link_denied()
- refactor audit_log_symlink_denied() to properly free memory (pathname,
filename)
Richard Guy Briggs (2):
audit: remove path param from link denied function
audit: add refused symlink to audit_names
fs/namei.c| 3 ++-
i
In commit 45b578fe4c3cade6f4ca1fc934ce199afd857edc
("audit: link denied should not directly generate PATH record")
the need for the struct path *link parameter was removed.
Remove the now useless struct path argument.
Signed-off-by: Richard Guy Briggs
---
fs/namei.c| 2 +
erfluous struct path * parameter from audit_log_link_denied()
- refactor audit_log_symlink_denied() to properly free memory (pathname,
filename)
Richard Guy Briggs (2):
audit: remove path param from link denied function
audit: add refused symlink to audit_names
fs/namei.c| 3 ++-
i
Audit link denied events for symlinks had duplicate PATH records rather
than just updating the existing PATH record. Update the symlink's PATH
record with the current dentry and inode information.
See: https://github.com/linux-audit/audit-kernel/issues/21
Signed-off-by: Richard Guy Briggs <
Audit link denied events for symlinks had duplicate PATH records rather
than just updating the existing PATH record. Update the symlink's PATH
record with the current dentry and inode information.
See: https://github.com/linux-audit/audit-kernel/issues/21
Signed-off-by: Richard Guy Briggs
On 2018-03-13 16:24, Paul Moore wrote:
> On Tue, Mar 13, 2018 at 6:52 AM, Richard Guy Briggs <r...@redhat.com> wrote:
> > On 2018-03-13 11:38, Steve Grubb wrote:
> >> On Tue, 13 Mar 2018 06:11:08 -0400
> >> Richard Guy Briggs <r...@redhat.com> wrote:
>
On 2018-03-13 16:24, Paul Moore wrote:
> On Tue, Mar 13, 2018 at 6:52 AM, Richard Guy Briggs wrote:
> > On 2018-03-13 11:38, Steve Grubb wrote:
> >> On Tue, 13 Mar 2018 06:11:08 -0400
> >> Richard Guy Briggs wrote:
> >>
> >> > On 2018-03-13 09:35,
On 2018-03-13 11:38, Steve Grubb wrote:
> On Tue, 13 Mar 2018 06:11:08 -0400
> Richard Guy Briggs <r...@redhat.com> wrote:
>
> > On 2018-03-13 09:35, Steve Grubb wrote:
> > > On Mon, 12 Mar 2018 11:52:56 -0400
> > > Richard Guy Briggs <r...@redhat.com>
On 2018-03-13 11:38, Steve Grubb wrote:
> On Tue, 13 Mar 2018 06:11:08 -0400
> Richard Guy Briggs wrote:
>
> > On 2018-03-13 09:35, Steve Grubb wrote:
> > > On Mon, 12 Mar 2018 11:52:56 -0400
> > > Richard Guy Briggs wrote:
> > >
>
On 2018-03-13 09:35, Steve Grubb wrote:
> On Mon, 12 Mar 2018 11:52:56 -0400
> Richard Guy Briggs <r...@redhat.com> wrote:
>
> > On 2018-03-12 11:53, Paul Moore wrote:
> > > On Mon, Mar 12, 2018 at 11:26 AM, Richard Guy Briggs
> > > <r...@redhat.com>
On 2018-03-13 09:35, Steve Grubb wrote:
> On Mon, 12 Mar 2018 11:52:56 -0400
> Richard Guy Briggs wrote:
>
> > On 2018-03-12 11:53, Paul Moore wrote:
> > > On Mon, Mar 12, 2018 at 11:26 AM, Richard Guy Briggs
> > > wrote:
> > > > On 2018-03-12 11
On 2018-03-08 13:02, Mimi Zohar wrote:
> On Thu, 2018-03-08 at 06:21 -0500, Richard Guy Briggs wrote:
> > On 2018-03-05 09:24, Mimi Zohar wrote:
> > > On Mon, 2018-03-05 at 08:50 -0500, Richard Guy Briggs wrote:
> > > > On 2018-03-05 08:43, Mimi Zoh
thub.com/0day-ci/linux/commits/Richard-Guy-Briggs/audit-address-ANOM_LINK-excess-records/20180313-015527
> Note: the
> linux-review/Richard-Guy-Briggs/audit-address-ANOM_LINK-excess-records/20180313-015527
> HEAD 12e8c56bcd359f7d20d4ae011674d37bc832bc4c builds fine.
> It only h
On 2018-03-12 11:53, Paul Moore wrote:
> On Mon, Mar 12, 2018 at 11:26 AM, Richard Guy Briggs <r...@redhat.com> wrote:
> > On 2018-03-12 11:12, Paul Moore wrote:
> >> On Mon, Mar 12, 2018 at 2:31 AM, Richard Guy Briggs <r...@redhat.com>
> >> wrote:
> >
On 2018-03-12 11:53, Paul Moore wrote:
> On Mon, Mar 12, 2018 at 11:26 AM, Richard Guy Briggs wrote:
> > On 2018-03-12 11:12, Paul Moore wrote:
> >> On Mon, Mar 12, 2018 at 2:31 AM, Richard Guy Briggs
> >> wrote:
> >> > Audit link denied events for sym
On 2018-03-12 11:05, Paul Moore wrote:
> On Mon, Mar 12, 2018 at 2:31 AM, Richard Guy Briggs <r...@redhat.com> wrote:
> > Audit link denied events generate duplicate PATH records which disagree
> > in different ways from symlink and hardlink denials.
> > audit_log_link_d
On 2018-03-12 11:05, Paul Moore wrote:
> On Mon, Mar 12, 2018 at 2:31 AM, Richard Guy Briggs wrote:
> > Audit link denied events generate duplicate PATH records which disagree
> > in different ways from symlink and hardlink denials.
> > audit_log_link_denied() should not d
On 2018-03-12 11:12, Paul Moore wrote:
> On Mon, Mar 12, 2018 at 2:31 AM, Richard Guy Briggs <r...@redhat.com> wrote:
> > Audit link denied events for symlinks had duplicate PATH records rather
> > than just updating the existing PATH record. Update the symlink's PATH
> >
On 2018-03-12 11:12, Paul Moore wrote:
> On Mon, Mar 12, 2018 at 2:31 AM, Richard Guy Briggs wrote:
> > Audit link denied events for symlinks had duplicate PATH records rather
> > than just updating the existing PATH record. Update the symlink's PATH
> > record with the cur
On 2018-03-12 02:31, Richard Guy Briggs wrote:
> Audit link denied events were being unexpectedly produced in a disjoint
> way when audit was disabled, and when they were expected, there were
> duplicate PATH records. This patchset addresses both issues for
> symlinks a
On 2018-03-08 19:26, Paul Moore wrote:
> On Wed, Feb 14, 2018 at 11:18 AM, Richard Guy Briggs <r...@redhat.com> wrote:
> > Audit link denied events generate duplicate PATH records which disagree
> > in different ways from symlink and hardlink denials.
> > aud
On 2018-03-08 19:26, Paul Moore wrote:
> On Wed, Feb 14, 2018 at 11:18 AM, Richard Guy Briggs wrote:
> > Audit link denied events generate duplicate PATH records which disagree
> > in different ways from symlink and hardlink denials.
> > audit_log_link_denied() should not d
On 2018-03-08 19:50, Paul Moore wrote:
> On Wed, Feb 14, 2018 at 11:18 AM, Richard Guy Briggs <r...@redhat.com> wrote:
> > Audit link denied events for symlinks were missing the parent PATH
> > record. Add it. Since the full pathname may not be available,
> > r
On 2018-03-08 19:50, Paul Moore wrote:
> On Wed, Feb 14, 2018 at 11:18 AM, Richard Guy Briggs wrote:
> > Audit link denied events for symlinks were missing the parent PATH
> > record. Add it. Since the full pathname may not be available,
> > reconstruct it from the
Audit link denied events emit disjointed records when audit is disabled.
No records should be emitted when audit is disabled.
See: https://github.com/linux-audit/audit-kernel/issues/21
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
---
kernel/audit.c | 3 +++
1 file changed, 3 inse
dit-kernel/issues/51
Richard Guy Briggs (4):
audit: make ANOM_LINK obey audit_enabled and audit_dummy_context
audit: link denied should not directly generate PATH record
audit: add refused symlink to audit_names
audit: add parent of refused symlink to audit_names
fs/namei.c| 5
Audit link denied events emit disjointed records when audit is disabled.
No records should be emitted when audit is disabled.
See: https://github.com/linux-audit/audit-kernel/issues/21
Signed-off-by: Richard Guy Briggs
---
kernel/audit.c | 3 +++
1 file changed, 3 insertions(+)
diff --git
dit-kernel/issues/51
Richard Guy Briggs (4):
audit: make ANOM_LINK obey audit_enabled and audit_dummy_context
audit: link denied should not directly generate PATH record
audit: add refused symlink to audit_names
audit: add parent of refused symlink to audit_names
fs/namei.c| 5
-kernel/issues/21
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
---
fs/namei.c| 2 +-
include/linux/audit.h | 6 ++
kernel/audit.c| 17 ++---
3 files changed, 5 insertions(+), 20 deletions(-)
diff --git a/fs/namei.c b/fs/namei.c
index 9cc91fb..5
-kernel/issues/21
Signed-off-by: Richard Guy Briggs
---
fs/namei.c| 2 +-
include/linux/audit.h | 6 ++
kernel/audit.c| 17 ++---
3 files changed, 5 insertions(+), 20 deletions(-)
diff --git a/fs/namei.c b/fs/namei.c
index 9cc91fb..50d2533 100644
--- a/fs
Audit link denied events for symlinks were missing the parent PATH
record. Add it. Since the full pathname may not be available,
reconstruct it from the path in the nameidata supplied.
See: https://github.com/linux-audit/audit-kernel/issues/21
Signed-off-by: Richard Guy Briggs <r...@redhat.
Audit link denied events for symlinks were missing the parent PATH
record. Add it. Since the full pathname may not be available,
reconstruct it from the path in the nameidata supplied.
See: https://github.com/linux-audit/audit-kernel/issues/21
Signed-off-by: Richard Guy Briggs
---
fs/namei.c
Audit link denied events for symlinks had duplicate PATH records rather
than just updating the existing PATH record. Update the symlink's PATH
record with the current dentry and inode information.
See: https://github.com/linux-audit/audit-kernel/issues/21
Signed-off-by: Richard Guy Briggs <
Audit link denied events for symlinks had duplicate PATH records rather
than just updating the existing PATH record. Update the symlink's PATH
record with the current dentry and inode information.
See: https://github.com/linux-audit/audit-kernel/issues/21
Signed-off-by: Richard Guy Briggs
On 2018-03-08 06:30, Andy Lutomirski wrote:
>
>
> > On Mar 8, 2018, at 1:12 AM, Richard Guy Briggs <r...@redhat.com> wrote:
> >
> >> On 2018-03-07 18:43, Paul Moore wrote:
> >>> On Wed, Mar 7, 2018 at 6:41 PM, Paul Moore <p...@paul-moore.com>
On 2018-03-08 06:30, Andy Lutomirski wrote:
>
>
> > On Mar 8, 2018, at 1:12 AM, Richard Guy Briggs wrote:
> >
> >> On 2018-03-07 18:43, Paul Moore wrote:
> >>> On Wed, Mar 7, 2018 at 6:41 PM, Paul Moore wrote:
> >>>> On Wed, Mar 7, 2018
On 2018-02-14 22:46, Richard Guy Briggs wrote:
> On 2018-02-14 11:49, Steve Grubb wrote:
> > On Wednesday, February 14, 2018 11:18:20 AM EST Richard Guy Briggs wrote:
> > > Audit link denied events were being unexpectedly produced in a disjoint
> > > way when audit was d
On 2018-03-05 09:24, Mimi Zohar wrote:
> On Mon, 2018-03-05 at 08:50 -0500, Richard Guy Briggs wrote:
> > On 2018-03-05 08:43, Mimi Zohar wrote:
> > > Hi Richard,
> > >
> > > This patch has been compiled, but not runtime tested.
> >
> > Ok, great,
tick to speed up non-audited tasks when there are rules
present, though this isn't currently used, in favour of audit_context
presence.
> > Andy, if you've got any Reviewed-by/Tested-by/NACK/etc. you want to
> > add, that would be good to have.
>
> ... and I just realized that linux-audit isn't on the To/CC line,
> adding them now.
(and Andy's non-NACK missed too...) The mailing list *is* in MAINTAINERS.
> Link to the patch is below.
>
> * https://marc.info/?t=15204188763=1=2
>
> paul moore
- RGB
--
Richard Guy Briggs <r...@redhat.com>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635
e rules
present, though this isn't currently used, in favour of audit_context
presence.
> > Andy, if you've got any Reviewed-by/Tested-by/NACK/etc. you want to
> > add, that would be good to have.
>
> ... and I just realized that linux-audit isn't on the To/CC line,
> adding them now.
(and Andy's non-NACK missed too...) The mailing list *is* in MAINTAINERS.
> Link to the patch is below.
>
> * https://marc.info/?t=15204188763=1=2
>
> paul moore
- RGB
--
Richard Guy Briggs
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635
ontainerid_set(current))
> + audit_log_format(ab, " contid=%llu",
> + audit_get_containerid(current));
> audit_log_end(ab);
>
> iint->flags |= IMA_AUDITED;
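Review bot: contid is appended only under the condition whose tail is visible at the top of this hunk (`...ontainerid_set(current))`), so the field list of this IMA record changes depending on whether the task has a container ID set. If consumers of the record expect a fixed set of fields, emit contid unconditionally with the unset value, or state in the commit message that the field is optional.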
> --
> 2.7.5
>
- RGB
--
Richard Guy Briggs <r...@redhat.com>
Sr. S/W Engineer, Kernel Sec
contid=%llu",
> + audit_get_containerid(current));
> audit_log_end(ab);
>
> iint->flags |= IMA_AUDITED;
> --
> 2.7.5
>
- RGB
--
Richard Guy Briggs
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635
On 2018-03-04 10:01, Paul Moore wrote:
> On Sat, Mar 3, 2018 at 4:19 AM, Serge E. Hallyn <se...@hallyn.com> wrote:
> > On Thu, Mar 01, 2018 at 02:41:04PM -0500, Richard Guy Briggs wrote:
> > ...
> >> +static inline bool audit_containerid_set(struct task_s
On 2018-03-04 10:01, Paul Moore wrote:
> On Sat, Mar 3, 2018 at 4:19 AM, Serge E. Hallyn wrote:
> > On Thu, Mar 01, 2018 at 02:41:04PM -0500, Richard Guy Briggs wrote:
> > ...
> >> +static inline bool audit_containerid_set(struct task_struct *tsk)
> >
>
/linux-audit/audit-kernel/issues/32
See: https://github.com/linux-audit/audit-testsuite/issues/64
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
---
Note: This is a userspace patch for the audit utils to support the
kernel RFC patchset, in optimism of kernel support acceptance.
ausearch woul
/linux-audit/audit-kernel/issues/32
See: https://github.com/linux-audit/audit-testsuite/issues/64
Signed-off-by: Richard Guy Briggs
---
Note: This is a userspace patch for the audit utils to support the
kernel RFC patchset, in optimism of kernel support acceptance.
ausearch would also need support
On 2018-03-04 16:55, Mimi Zohar wrote:
> On Thu, 2018-03-01 at 14:41 -0500, Richard Guy Briggs wrote:
> > Implement audit kernel container ID.
> >
> > This patchset is a preliminary RFC based on the proposal document (V3)
> > posted:
> > https://www.red
On 2018-03-01 14:41, Richard Guy Briggs wrote:
> Implement the proc fs write to set the audit container ID of a process,
> emitting an AUDIT_CONTAINER record to document the event.
>
> This is a write from the container orchestrator task to a proc entry of
> the form /proc/PID/co
r=0
type=PROCTITLE msg=audit(1519924845.499:257):
proctitle=62617368002D6300736C65657020313B206563686F2074657374203E202F746D702F746D70636F6E7461696E65726964
type=UNKNOWN[1332] msg=audit(1519924845.499:257): op=task contid=123458
See: https://github.com/linux-audit/audit-kernel/issues/32
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
---
incl
r=0
type=PROCTITLE msg=audit(1519924845.499:257):
proctitle=62617368002D6300736C65657020313B206563686F2074657374203E202F746D702F746D70636F6E7461696E65726964
type=UNKNOWN[1332] msg=audit(1519924845.499:257): op=task contid=123458
See: https://github.com/linux-audit/audit-kernel/issues/32
Signed-off-by: Richard Guy Briggs
---
include/linux/audit.h |
Guy Briggs <r...@redhat.com>
---
fs/proc/base.c | 20 ++--
1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/fs/proc/base.c b/fs/proc/base.c
index 6ce4fbe..f66d1e2 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1300,6 +1300,21 @@ static ssize_t proc_sessioni
Guy Briggs
---
fs/proc/base.c | 20 ++--
1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/fs/proc/base.c b/fs/proc/base.c
index 6ce4fbe..f66d1e2 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1300,6 +1300,21 @@ static ssize_t proc_sessionid_read(struct file
is AUDIT_FEATURE_BITMAP_CONTAINERID_FILTER.
This requires support from userspace to be useful.
See: https://github.com/linux-audit/audit-userspace/issues/40
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
---
include/linux/audit.h | 1 +
include/uapi/linux/audit.h | 5 -
kernel/audit.h
is AUDIT_FEATURE_BITMAP_CONTAINERID_FILTER.
This requires support from userspace to be useful.
See: https://github.com/linux-audit/audit-userspace/issues/40
Signed-off-by: Richard Guy Briggs
---
include/linux/audit.h | 1 +
include/uapi/linux/audit.h | 5 -
kernel/audit.h | 1 +
kernel
immediately after the local associated records are
produced.
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
---
include/linux/audit.h | 8
kernel/auditsc.c | 20 +++-
2 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/include/linux/audit.h b/i
immediately after the local associated records are
produced.
Signed-off-by: Richard Guy Briggs
---
include/linux/audit.h | 8
kernel/auditsc.c | 20 +++-
2 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/include/linux/audit.h b/include/linux/audit.h
Add container ID information to configuration change, feature set change
and user generated standalone records.
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
---
kernel/audit.c | 50 --
kernel/auditfilter.c | 5 -
2 files c
Add container ID information to configuration change, feature set change
and user generated standalone records.
Signed-off-by: Richard Guy Briggs
---
kernel/audit.c | 50 --
kernel/auditfilter.c | 5 -
2 files changed, 44 insertions
Switch from the 1000 range to the 1300 range for the prototype until it
can be worked out why the former aren't showing up in the logs.
---
include/uapi/linux/audit.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
Debugging code for verbose output to aid in development.
---
fs/proc/base.c | 10 ++
kernel/auditsc.c | 16
2 files changed, 26 insertions(+)
diff --git a/fs/proc/base.c b/fs/proc/base.c
index f66d1e2..63d1ca4 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1309,9
Add container ID information to secure computing and abnormal end
standalone records.
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
---
kernel/auditsc.c | 10 --
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 0cbd762..f
Add container ID information to secure computing and abnormal end
standalone records.
Signed-off-by: Richard Guy Briggs
---
kernel/auditsc.c | 10 --
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 0cbd762..fcee34e 100644
Add container ID information to tty logging rule standalone records.
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
---
drivers/tty/tty_audit.c | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/tty/tty_audit.c b/drivers/tty/tty_audit.c
index e30aa6b..4
Add container ID information to tty logging rule standalone records.
Signed-off-by: Richard Guy Briggs
---
drivers/tty/tty_audit.c | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/tty/tty_audit.c b/drivers/tty/tty_audit.c
index e30aa6b..48ee4b7 100644
Add container ID information to mark, watch and tree rule standalone
records.
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
---
kernel/audit_fsnotify.c | 5 -
kernel/audit_tree.c | 5 -
kernel/audit_watch.c| 33 +++--
3 files chang
Add container ID information to mark, watch and tree rule standalone
records.
Signed-off-by: Richard Guy Briggs
---
kernel/audit_fsnotify.c | 5 -
kernel/audit_tree.c | 5 -
kernel/audit_watch.c| 33 +++--
3 files changed, 27 insertions(+), 16
Add container ID support to ptrace and signals. In particular, the "op"
field provides a way to label the auxiliary record to which it is
associated.
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
---
include/linux/audit.h | 16 +++-
kernel/aud
://github.com/linux-audit/audit-kernel/issues/32
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
---
fs/proc/base.c | 37
include/linux/audit.h | 16 +
include/linux/init_task.h | 4 ++-
include/linux/sched.h | 1 +
i
Add container ID support to ptrace and signals. In particular, the "op"
field provides a way to label the auxiliary record to which it is
associated.
Signed-off-by: Richard Guy Briggs
---
include/linux/audit.h | 16 +++-
kernel/audit.c| 12
kern
://github.com/linux-audit/audit-kernel/issues/32
Signed-off-by: Richard Guy Briggs
---
fs/proc/base.c | 37
include/linux/audit.h | 16 +
include/linux/init_task.h | 4 ++-
include/linux/sched.h | 1 +
include
$containerid -F
key=$key || echo failed to add containerid filter rule
See:
https://github.com/linux-audit/audit-kernel/issues/32
https://github.com/linux-audit/audit-userspace/issues/40
https://github.com/linux-audit/audit-testsuite/issues/64
Richard Guy Briggs (12):
audit
On 2018-02-21 19:02, Paul Moore wrote:
> On Wed, Feb 21, 2018 at 6:49 PM, Paul Moore <p...@paul-moore.com> wrote:
> > On Wed, Feb 21, 2018 at 4:30 AM, Richard Guy Briggs <r...@redhat.com> wrote:
> >> If there is a memory allocation error when trying to change an a
On 2018-02-21 19:02, Paul Moore wrote:
> On Wed, Feb 21, 2018 at 6:49 PM, Paul Moore wrote:
> > On Wed, Feb 21, 2018 at 4:30 AM, Richard Guy Briggs wrote:
> >> If there is a memory allocation error when trying to change an audit
> >> kernel feature value, t
/76
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
---
kernel/audit.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/kernel/audit.c b/kernel/audit.c
index 5c25449..2de74be 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1059,6 +1059,8 @@ static void audit_log_feature_chan