/76
Signed-off-by: Richard Guy Briggs
---
kernel/audit.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/kernel/audit.c b/kernel/audit.c
index 5c25449..2de74be 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1059,6 +1059,8 @@ static void audit_log_feature_change(int which, u32
On 2018-02-21 01:47, Richard Guy Briggs wrote:
> If there is a memory allocation error when trying to change an audit
> kernel feature value, the ignored allocation error will trigger a NULL
> pointer dereference oops on subsequent use of that pointer. Return
> instead.
>
On 2018-02-21 01:47, Richard Guy Briggs wrote:
> If there is a memory allocation error when trying to change an audit
> kernel feature value, the ignored allocation error will trigger a NULL
> pointer dereference oops on subsequent use of that pointer. Return
> instead.
>
-by: Richard Guy Briggs <r...@redhat.com>
---
kernel/audit.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/kernel/audit.c b/kernel/audit.c
index 196d327..31cb11d 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1063,6 +1063,8 @@ static void audit_log_feature_change(int which, u32
old_featur
-by: Richard Guy Briggs
---
kernel/audit.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/kernel/audit.c b/kernel/audit.c
index 196d327..31cb11d 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1063,6 +1063,8 @@ static void audit_log_feature_change(int which, u32
old_feature, u32 new_feature
On 2018-02-15 17:15, Paul Moore wrote:
> On Mon, Feb 12, 2018 at 12:02 AM, Richard Guy Briggs <r...@redhat.com> wrote:
> > More than one filesystem was causing hundreds to thousands of null PATH
> > records to be associated with the *init_module SYSCALL records
On 2018-02-15 17:15, Paul Moore wrote:
> On Mon, Feb 12, 2018 at 12:02 AM, Richard Guy Briggs wrote:
> > More than one filesystem was causing hundreds to thousands of null PATH
> > records to be associated with the *init_module SYSCALL records on a few
> > modules with corres
On 2018-02-15 18:19, Richard Guy Briggs wrote:
> On 2018-02-15 18:07, Steve Grubb wrote:
> > On Monday, February 12, 2018 12:02:21 AM EST Richard Guy Briggs wrote:
> > > Tracefs or debugfs were causing hundreds to thousands of null PATH
> > > records to be asso
On 2018-02-15 18:19, Richard Guy Briggs wrote:
> On 2018-02-15 18:07, Steve Grubb wrote:
> > On Monday, February 12, 2018 12:02:21 AM EST Richard Guy Briggs wrote:
> > > Tracefs or debugfs were causing hundreds to thousands of null PATH
> > > records to be asso
On 2018-02-15 18:07, Steve Grubb wrote:
> On Monday, February 12, 2018 12:02:21 AM EST Richard Guy Briggs wrote:
> > Tracefs or debugfs were causing hundreds to thousands of null PATH
> > records to be associated with the init_module and finit_module SYSCALL
> > records
On 2018-02-15 18:07, Steve Grubb wrote:
> On Monday, February 12, 2018 12:02:21 AM EST Richard Guy Briggs wrote:
> > Tracefs or debugfs were causing hundreds to thousands of null PATH
> > records to be associated with the init_module and finit_module SYSCALL
> > records
On 2018-02-15 18:34, Paul Moore wrote:
> On Wed, Feb 14, 2018 at 11:18 AM, Richard Guy Briggs <r...@redhat.com> wrote:
> > Audit link denied events for symlinks were missing the parent PATH
> > record. Add it. Since the full pathname may not be available,
> > r
On 2018-02-15 18:34, Paul Moore wrote:
> On Wed, Feb 14, 2018 at 11:18 AM, Richard Guy Briggs wrote:
> > Audit link denied events for symlinks were missing the parent PATH
> > record. Add it. Since the full pathname may not be available,
> > reconstruct it from the
On 2018-02-15 18:07, Steve Grubb wrote:
> On Monday, February 12, 2018 12:02:21 AM EST Richard Guy Briggs wrote:
> > Tracefs or debugfs were causing hundreds to thousands of null PATH
> > records to be associated with the init_module and finit_module SYSCALL
> > records
On 2018-02-15 18:07, Steve Grubb wrote:
> On Monday, February 12, 2018 12:02:21 AM EST Richard Guy Briggs wrote:
> > Tracefs or debugfs were causing hundreds to thousands of null PATH
> > records to be associated with the init_module and finit_module SYSCALL
> > records
On 2018-02-15 15:43, Paul Moore wrote:
> On Mon, Feb 12, 2018 at 7:29 AM, Richard Guy Briggs <r...@redhat.com> wrote:
> > Signed-off-by: Richard Guy Briggs <r...@redhat.com>
> > ---
> > kernel/auditfilter.c | 4 +++-
> > 1 file changed, 3 insertions(+), 1 de
On 2018-02-15 15:43, Paul Moore wrote:
> On Mon, Feb 12, 2018 at 7:29 AM, Richard Guy Briggs wrote:
> > Signed-off-by: Richard Guy Briggs
> > ---
> > kernel/auditfilter.c | 4 +++-
> > 1 file changed, 3 insertions(+), 1 deletion(-)
>
> I realize this is an RFC
On 2018-02-15 10:57, Philipp Hahn wrote:
> Hello,
>
> Am 15.02.2018 um 03:28 schrieb Richard Guy Briggs:
> > Fix handlink to hardlink.
>
> and introduce a new sp*el*ling error in the subject line ;-)
That one was quite intentional for ironic effect. I could h
On 2018-02-15 10:57, Philipp Hahn wrote:
> Hello,
>
> Am 15.02.2018 um 03:28 schrieb Richard Guy Briggs:
> > Fix handlink to hardlink.
>
> and introduce a new sp*el*ling error in the subject line ;-)
That one was quite intentional for ironic effect. I could h
On 2018-02-14 11:49, Steve Grubb wrote:
> On Wednesday, February 14, 2018 11:18:20 AM EST Richard Guy Briggs wrote:
> > Audit link denied events were being unexpectedly produced in a disjoint
> > way when audit was disabled, and when they were expected, there were
> > d
On 2018-02-14 11:49, Steve Grubb wrote:
> On Wednesday, February 14, 2018 11:18:20 AM EST Richard Guy Briggs wrote:
> > Audit link denied events were being unexpectedly produced in a disjoint
> > way when audit was disabled, and when they were expected, there were
> > d
-testsuite.
See: https://github.com/linux-audit/audit-kernel/issues/6
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
---
kernel/auditfilter.c | 4 ++--
kernel/auditsc.c | 21 +++--
2 files changed, 13 insertions(+), 12 deletions(-)
diff --git a/kernel/auditfilt
-testsuite.
See: https://github.com/linux-audit/audit-kernel/issues/6
Signed-off-by: Richard Guy Briggs
---
kernel/auditfilter.c | 4 ++--
kernel/auditsc.c | 21 +++--
2 files changed, 13 insertions(+), 12 deletions(-)
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
/issues/6
v3:
- squash patch 1 and 2
v2:
- bail earlier to avoid setting up unneeded state
- don't bother checking for bug when disabled
Richard Guy Briggs (2):
audit: deprecate the AUDIT_FILTER_ENTRY filter
audit: bail before bug check if audit disabled
kernel/auditfilter.c | 4
/issues/6
v3:
- squash patch 1 and 2
v2:
- bail earlier to avoid setting up unneeded state
- don't bother checking for bug when disabled
Richard Guy Briggs (2):
audit: deprecate the AUDIT_FILTER_ENTRY filter
audit: bail before bug check if audit disabled
kernel/auditfilter.c | 4
If audit is disabled, who cares if there is a bug indicating syscall in
process or names already recorded. Bail immediately on audit disabled.
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
---
kernel/auditsc.c | 5 +
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/
If audit is disabled, who cares if there is a bug indicating syscall in
process or names already recorded. Bail immediately on audit disabled.
Signed-off-by: Richard Guy Briggs
---
kernel/auditsc.c | 5 +
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/kernel/auditsc.c b
On 2018-02-14 09:51, Kees Cook wrote:
> On Wed, Feb 14, 2018 at 8:18 AM, Richard Guy Briggs <r...@redhat.com> wrote:
> > Audit link denied events emit disjointed records when audit is disabled.
> > No records should be emitted when audit is disabled.
> >
> > Se
On 2018-02-14 09:51, Kees Cook wrote:
> On Wed, Feb 14, 2018 at 8:18 AM, Richard Guy Briggs wrote:
> > Audit link denied events emit disjointed records when audit is disabled.
> > No records should be emitted when audit is disabled.
> >
> > See: https://github.com/linu
Fix handlink to hardlink.
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
---
fs/namei.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/namei.c b/fs/namei.c
index bf1c046b..bbfb21d3 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -4258,7 +4258,7 @@ int vfs_link(
Fix handlink to hardlink.
Signed-off-by: Richard Guy Briggs
---
fs/namei.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/namei.c b/fs/namei.c
index bf1c046b..bbfb21d3 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -4258,7 +4258,7 @@ int vfs_link(struct dentry *old_dentry
dit-kernel/issues/51
Richard Guy Briggs (4):
audit: make ANOM_LINK obey audit_enabled and audit_dummy_context
audit: link denied should not directly generate PATH record
audit: add refused symlink to audit_names
audit: add parent of refused symlink to audit_names
fs/namei.c | 10 ++
dit-kernel/issues/51
Richard Guy Briggs (4):
audit: make ANOM_LINK obey audit_enabled and audit_dummy_context
audit: link denied should not directly generate PATH record
audit: add refused symlink to audit_names
audit: add parent of refused symlink to audit_names
fs/namei.c | 10 ++
Audit link denied events generate duplicate PATH records which disagree
in different ways from symlink and hardlink denials.
audit_log_link_denied() should not directly generate PATH records.
See: https://github.com/linux-audit/audit-kernel/issues/21
Signed-off-by: Richard Guy Briggs &l
Audit link denied events generate duplicate PATH records which disagree
in different ways from symlink and hardlink denials.
audit_log_link_denied() should not directly generate PATH records.
See: https://github.com/linux-audit/audit-kernel/issues/21
Signed-off-by: Richard Guy Briggs
---
kernel
Audit link denied events emit disjointed records when audit is disabled.
No records should be emitted when audit is disabled.
See: https://github.com/linux-audit/audit-kernel/issues/21
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
---
kernel/audit.c | 3 +++
1 file changed, 3 inse
Audit link denied events emit disjointed records when audit is disabled.
No records should be emitted when audit is disabled.
See: https://github.com/linux-audit/audit-kernel/issues/21
Signed-off-by: Richard Guy Briggs
---
kernel/audit.c | 3 +++
1 file changed, 3 insertions(+)
diff --git
Audit link denied events for symlinks had duplicate PATH records rather
than just updating the existing PATH record. Update the symlink's PATH
record with the current dentry and inode information.
See: https://github.com/linux-audit/audit-kernel/issues/21
Signed-off-by: Richard Guy Briggs &l
Audit link denied events for symlinks had duplicate PATH records rather
than just updating the existing PATH record. Update the symlink's PATH
record with the current dentry and inode information.
See: https://github.com/linux-audit/audit-kernel/issues/21
Signed-off-by: Richard Guy Briggs
Audit link denied events for symlinks were missing the parent PATH
record. Add it. Since the full pathname may not be available,
reconstruct it from the path in the nameidata supplied.
See: https://github.com/linux-audit/audit-kernel/issues/21
Signed-off-by: Richard Guy Briggs <r...@redhat.
Audit link denied events for symlinks were missing the parent PATH
record. Add it. Since the full pathname may not be available,
reconstruct it from the path in the nameidata supplied.
See: https://github.com/linux-audit/audit-kernel/issues/21
Signed-off-by: Richard Guy Briggs
---
fs/namei.c
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
---
kernel/auditfilter.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 3343d1c..48dcb59 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -221,11 +
Signed-off-by: Richard Guy Briggs
---
kernel/auditfilter.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 3343d1c..48dcb59 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -221,11 +221,13 @@ static inline
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
---
kernel/auditfilter.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 48dcb59..3938ad2c 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -228,6 +228,8 @@ stat
Signed-off-by: Richard Guy Briggs
---
kernel/auditfilter.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 48dcb59..3938ad2c 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -228,6 +228,8 @@ static int audit_match_signal
iterating over the field type. This isn't worth the
additional complexity and storage. Delete the field.
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
---
include/linux/audit.h | 1 -
kernel/auditfilter.c | 12
2 files changed, 8 insertions(+), 5 deletions(-)
diff
iterating over the field type. This isn't worth the
additional complexity and storage. Delete the field.
Signed-off-by: Richard Guy Briggs
---
include/linux/audit.h | 1 -
kernel/auditfilter.c | 12
2 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/include/linux
t sleeping dogs lie, but I haven't tracked down the source of the
original rule that changes arch between addition and listing (nor reproduced it
yet since I don't have access to that HW arch), and it seems to reveal
potentially another bug.
Help! Any observations or hints?
Richard Guy Briggs (3)
t sleeping dogs lie, but I haven't tracked down the source of the
original rule that changes arch between addition and listing (nor reproduced it
yet since I don't have access to that HW arch), and it seems to reveal
potentially another bug.
Help! Any observations or hints?
Richard Guy Briggs (3)
arch field, potentially causing the
arch field to be misinterpreted.
Passes audit-testsuite.
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
---
kernel/auditfilter.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 4a1758a..739a6d2 100
arch field, potentially causing the
arch field to be misinterpreted.
Passes audit-testsuite.
Signed-off-by: Richard Guy Briggs
---
kernel/auditfilter.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 4a1758a..739a6d2 100644
--- a/kernel/auditfilt
quot;/usr/bin/kmod"
subj=system_u:system_r:insmod_t:s0 key="mod-load"
See: https://github.com/linux-audit/audit-kernel/issues/8
Test case: https://github.com/linux-audit/audit-testsuite/issues/42
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
---
kernel/audit.c | 7 +++
1 file changed
quot;/usr/bin/kmod"
subj=system_u:system_r:insmod_t:s0 key="mod-load"
See: https://github.com/linux-audit/audit-kernel/issues/8
Test case: https://github.com/linux-audit/audit-testsuite/issues/42
Signed-off-by: Richard Guy Briggs
---
kernel/audit.c | 7 +++
1 file changed, 7 insertions(+)
diff
thub.com/linux-audit/audit-testsuite/issues/42
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
---
include/linux/audit.h | 2 ++
kernel/audit.c| 6 ++
kernel/auditsc.c | 6 --
3 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/include/linux/audit.h b/i
thub.com/linux-audit/audit-testsuite/issues/42
Signed-off-by: Richard Guy Briggs
---
include/linux/audit.h | 2 ++
kernel/audit.c| 6 ++
kernel/auditsc.c | 6 --
3 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/include/linux/audit.h b/include/linux/audit.h
in
id=0
tty=(none) ses=4294967295 comm="modprobe" exe="/usr/bin/kmod"
subj=system_u:system_r:insmod_t:s0 key="mod-load"
See: https://github.com/linux-audit/audit-kernel/issues/8
Test case: https://github.com/linux-audit/audit-testsuite/issues/42
Signed-off-by: Richard Gu
them, including a partial pathname,
fstype field, and two new filetypes that indicate the pathname isn't
anchored at the root of the task's root filesystem.
Richard Guy Briggs (3):
audit: show partial pathname for entries with anonymous parents
audit: append new fstype field for anonymous PATH
id=0
tty=(none) ses=4294967295 comm="modprobe" exe="/usr/bin/kmod"
subj=system_u:system_r:insmod_t:s0 key="mod-load"
See: https://github.com/linux-audit/audit-kernel/issues/8
Test case: https://github.com/linux-audit/audit-testsuite/issues/42
Signed-off-by: Richard Guy Bri
them, including a partial pathname,
fstype field, and two new filetypes that indicate the pathname isn't
anchored at the root of the task's root filesystem.
Richard Guy Briggs (3):
audit: show partial pathname for entries with anonymous parents
audit: append new fstype field for anonymous PATH
These fixes should speed up audit syscall entry by doing away with the
audit entry filter check, moving up the valid connection check before
filling in the context and not caring if there is a bug when audit is
disabled.
Richard Guy Briggs (3):
audit: deprecate the AUDIT_FILTER_ENTRY filter
These fixes should speed up audit syscall entry by doing away with the
audit entry filter check, moving up the valid connection check before
filling in the context and not caring if there is a bug when audit is
disabled.
Richard Guy Briggs (3):
audit: deprecate the AUDIT_FILTER_ENTRY filter
If audit is disabled, who cares if there is a bug indicating syscall in
process or names already recorded. Bail immediately on audit disabled.
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
---
kernel/auditsc.c | 5 +
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/
The audit entry filter has been long deprecated with userspace support
finally removed in audit-v2.6.7 and plans to remove kernel support have
existed since kernel-v2.6.31.
Remove it.
Passes audit-testsuite.
See: https://github.com/linux-audit/audit-kernel/issues/6
Signed-off-by: Richard Guy
The audit entry filter has been long deprecated with userspace support
finally removed in audit-v2.6.7 and plans to remove kernel support have
existed since kernel-v2.6.31.
Remove it.
Passes audit-testsuite.
See: https://github.com/linux-audit/audit-kernel/issues/6
Signed-off-by: Richard Guy
If audit is disabled, who cares if there is a bug indicating syscall in
process or names already recorded. Bail immediately on audit disabled.
Signed-off-by: Richard Guy Briggs
---
kernel/auditsc.c | 5 +
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/kernel/auditsc.c b
Since removing the audit entry filter, test for early return before
setting up any context state.
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
---
kernel/auditsc.c | 18 +-
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/kernel/auditsc.c b/kernel/aud
Since removing the audit entry filter, test for early return before
setting up any context state.
Signed-off-by: Richard Guy Briggs
---
kernel/auditsc.c | 18 +-
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 9348302
On 2018-02-08 18:58, Paul Moore wrote:
> On Wed, Feb 7, 2018 at 6:24 AM, Richard Guy Briggs <r...@redhat.com> wrote:
> > The audit entry filter has been long deprecated with userspace support
> > finally removed in audit-v2.6.7 and plans to remove kernel support have
>
On 2018-02-08 18:58, Paul Moore wrote:
> On Wed, Feb 7, 2018 at 6:24 AM, Richard Guy Briggs wrote:
> > The audit entry filter has been long deprecated with userspace support
> > finally removed in audit-v2.6.7 and plans to remove kernel support have
> > existed since kerne
The audit entry filter has been long deprecated with userspace support
finally removed in audit-v2.6.7 and plans to remove kernel support have
existed since kernel-v2.6.31.
Remove it.
Passes audit-testsuite.
See: https://github.com/linux-audit/audit-kernel/issues/6
Signed-off-by: Richard Guy
The audit entry filter has been long deprecated with userspace support
finally removed in audit-v2.6.7 and plans to remove kernel support have
existed since kernel-v2.6.31.
Remove it.
Passes audit-testsuite.
See: https://github.com/linux-audit/audit-kernel/issues/6
Signed-off-by: Richard Guy
Since the Linux Audit project has transitioned completely over to
github, update the MAINTAINERS file and the primary audit source file to
reflect that reality.
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
---
MAINTAINERS| 1 -
kernel/audit.c | 3 ++-
2 files changed, 2 inse
Since the Linux Audit project has transitioned completely over to
github, update the MAINTAINERS file and the primary audit source file to
reflect that reality.
Signed-off-by: Richard Guy Briggs
---
MAINTAINERS| 1 -
kernel/audit.c | 3 ++-
2 files changed, 2 insertions(+), 2 deletions
Since the Linux Audit project has transitioned completely over to
github, update the MAINTAINERS file and the primary audit source file to
reflect that reality.
Signed-off-by: Richard Guy Briggs <r...@redhat.com>
---
MAINTAINERS| 1 -
kernel/audit.c | 3 ++-
2 files changed, 2 inse
Since the Linux Audit project has transitioned completely over to
github, update the MAINTAINERS file and the primary audit source file to
reflect that reality.
Signed-off-by: Richard Guy Briggs
---
MAINTAINERS| 1 -
kernel/audit.c | 3 ++-
2 files changed, 2 insertions(+), 2 deletions
On 2018-01-09 11:18, Simo Sorce wrote:
> On Tue, 2018-01-09 at 07:16 -0500, Richard Guy Briggs wrote:
> > Containers are a userspace concept. The kernel knows nothing of them.
> >
> > The Linux audit system needs a way to be able to track the container
> > prove
On 2018-01-09 11:18, Simo Sorce wrote:
> On Tue, 2018-01-09 at 07:16 -0500, Richard Guy Briggs wrote:
> > Containers are a userspace concept. The kernel knows nothing of them.
> >
> > The Linux audit system needs a way to be able to track the container
> > prove
now I
> am having to deal with half thought out patches for information leaks
> from speculative code paths, so I won't be able to give this much
> attention for a little bit.
>
> Eric
- RGB
--
Richard Guy Briggs <r...@redhat.com>
Sr. S/W Engineer, Kernel Security, Base
now I
> am having to deal with half thought out patches for information leaks
> from speculative code paths, so I won't be able to give this much
> attention for a little bit.
>
> Eric
- RGB
--
Richard Guy Briggs
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remot
reads and
children into same container
- RGB
--
Richard Guy Briggs <r...@redhat.com>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635
reads and
children into same container
- RGB
--
Richard Guy Briggs
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635
On 2017-12-09 11:20, Mickaël Salaün wrote:
>
> On 12/10/2017 18:33, Casey Schaufler wrote:
> > On 10/12/2017 7:14 AM, Richard Guy Briggs wrote:
> >> Containers are a userspace concept. The kernel knows nothing of them.
> >>
> >> The Linux audit
On 2017-12-09 11:20, Mickaël Salaün wrote:
>
> On 12/10/2017 18:33, Casey Schaufler wrote:
> > On 10/12/2017 7:14 AM, Richard Guy Briggs wrote:
> >> Containers are a userspace concept. The kernel knows nothing of them.
> >>
> >> The Linux audit
On 2017-11-09 16:47, Paul Moore wrote:
> On Thu, Nov 9, 2017 at 3:52 PM, Richard Guy Briggs <r...@redhat.com> wrote:
> > On 2017-11-09 10:59, Paul Moore wrote:
> >> On Thu, Nov 9, 2017 at 10:31 AM, Steve Grubb <sgr...@redhat.com> wrote:
> >> > On Thurs
On 2017-11-09 16:47, Paul Moore wrote:
> On Thu, Nov 9, 2017 at 3:52 PM, Richard Guy Briggs wrote:
> > On 2017-11-09 10:59, Paul Moore wrote:
> >> On Thu, Nov 9, 2017 at 10:31 AM, Steve Grubb wrote:
> >> > On Thursday, November 9, 2017 10:18:10 AM EST Paul Moor
> >> it is his patch after all, it would be nice to see an "OK" from him.
> >> Whatever we do, it needs to happen by the of the day today (Thursday,
> >> November 9th) as we need time to build and test the revised patches.
>
> FWIW, I just went through audit/next
nice to see an "OK" from him.
> >> Whatever we do, it needs to happen by the of the day today (Thursday,
> >> November 9th) as we need time to build and test the revised patches.
>
> FWIW, I just went through audit/next and it looks like yanking patch
>
On 2017-10-20 01:29, James Morris wrote:
> On Thu, 19 Oct 2017, Richard Guy Briggs wrote:
>
> > On 2017-10-11 20:57, Richard Guy Briggs wrote:
> > > The audit subsystem is adding a BPRM_FCAPS record when auditing setuid
> > > application execution (SYSCALL
On 2017-10-20 01:29, James Morris wrote:
> On Thu, 19 Oct 2017, Richard Guy Briggs wrote:
>
> > On 2017-10-11 20:57, Richard Guy Briggs wrote:
> > > The audit subsystem is adding a BPRM_FCAPS record when auditing setuid
> > > application execution (SYSCALL
On 2017-10-19 19:58, Paul Moore wrote:
> On Wed, Aug 23, 2017 at 7:03 AM, Richard Guy Briggs <r...@redhat.com> wrote:
> > Tracefs or debugfs were causing hundreds to thousands of PATH records to
> > be associated with the init_module and finit_module SYSCALL records on a
On 2017-10-19 19:58, Paul Moore wrote:
> On Wed, Aug 23, 2017 at 7:03 AM, Richard Guy Briggs wrote:
> > Tracefs or debugfs were causing hundreds to thousands of PATH records to
> > be associated with the init_module and finit_module SYSCALL records on a
> > few modules wh
On 2017-10-12 15:45, Steve Grubb wrote:
> On Thursday, October 12, 2017 10:14:00 AM EDT Richard Guy Briggs wrote:
> > Containers are a userspace concept. The kernel knows nothing of them.
> >
> > The Linux audit system needs a way to be able to track the container
>
On 2017-10-12 15:45, Steve Grubb wrote:
> On Thursday, October 12, 2017 10:14:00 AM EDT Richard Guy Briggs wrote:
> > Containers are a userspace concept. The kernel knows nothing of them.
> >
> > The Linux audit system needs a way to be able to track the container
>
On 2017-10-11 20:57, Richard Guy Briggs wrote:
> The audit subsystem is adding a BPRM_FCAPS record when auditing setuid
> application execution (SYSCALL execve). This is not expected as it was
> supposed to be limited to when the file system actually had capabilities
> in an extend
On 2017-10-11 20:57, Richard Guy Briggs wrote:
> The audit subsystem is adding a BPRM_FCAPS record when auditing setuid
> application execution (SYSCALL execve). This is not expected as it was
> supposed to be limited to when the file system actually had capabilities
> in an extend
On 2017-10-17 01:10, Casey Schaufler wrote:
> On 10/16/2017 5:33 PM, Richard Guy Briggs wrote:
> > On 2017-10-12 16:33, Casey Schaufler wrote:
> >> On 10/12/2017 7:14 AM, Richard Guy Briggs wrote:
> >>> Containers are a userspace concept. The kernel knows nothing
On 2017-10-17 01:10, Casey Schaufler wrote:
> On 10/16/2017 5:33 PM, Richard Guy Briggs wrote:
> > On 2017-10-12 16:33, Casey Schaufler wrote:
> >> On 10/12/2017 7:14 AM, Richard Guy Briggs wrote:
> >>> Containers are a userspace concept. The kernel knows nothing
On 2017-10-12 16:33, Casey Schaufler wrote:
> On 10/12/2017 7:14 AM, Richard Guy Briggs wrote:
> > Containers are a userspace concept. The kernel knows nothing of them.
> >
> > The Linux audit system needs a way to be able to track the container
> > provenance of event
On 2017-10-12 16:33, Casey Schaufler wrote:
> On 10/12/2017 7:14 AM, Richard Guy Briggs wrote:
> > Containers are a userspace concept. The kernel knows nothing of them.
> >
> > The Linux audit system needs a way to be able to track the container
> > provenance of event
om "signal" and "trigger" to "register"
- restrict registration to single process or force all threads and children
into same container
- RGB
--
Richard Guy Briggs <r...@redhat.com>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ot
501 - 600 of 2017 matches
Mail list logo