[PATCH] audit: drop /proc/PID/loginuid documentation Format field

2021-04-01 Thread Richard Guy Briggs
Reported-by: Mauro Carvalho Chehab Signed-off-by: Richard Guy Briggs --- .../ABI/stable/procfs-audit_loginuid | 22 +-- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/Documentation/ABI/stable/procfs-audit_loginuid b/Documentation/ABI/stable/procfs-

Re: [PATCH v3 1/2] audit: document /proc/PID/loginuid

2021-04-01 Thread Richard Guy Briggs
On 2021-04-01 09:57, Paul Moore wrote: > On Thu, Apr 1, 2021 at 9:48 AM Mauro Carvalho Chehab > wrote: > > Em Thu, 18 Mar 2021 15:19:10 -0400 > > Richard Guy Briggs escreveu: > > > Describe the /proc/PID/loginuid interface in Documentation/ABI/stable that > >

Re: [PATCH v5] audit: log nftables configuration change events once per table

2021-04-01 Thread Richard Guy Briggs
On 2021-04-01 15:24, Phil Sutter wrote: > On Fri, Mar 26, 2021 at 01:38:59PM -0400, Richard Guy Briggs wrote: > > Reduce logging of nftables events to a level similar to iptables. > > Restore the table field to list the table, adding the generation. > > > > Indicate the

Re: [PATCH v5] audit: log nftables configuration change events once per table

2021-03-31 Thread Richard Guy Briggs
On 2021-03-31 22:46, Pablo Neira Ayuso wrote: > On Fri, Mar 26, 2021 at 01:38:59PM -0400, Richard Guy Briggs wrote: > > @@ -8006,12 +7966,65 @@ static void nft_commit_notify(struct net *net, u32 > > portid) > > WARN_ON_ONCE(!list_empty(>nft.notify_list)); >

Re: [PATCH v5] audit: log nftables configuration change events once per table

2021-03-31 Thread Richard Guy Briggs
On 2021-03-31 22:22, Pablo Neira Ayuso wrote: > On Fri, Mar 26, 2021 at 01:38:59PM -0400, Richard Guy Briggs wrote: > > Reduce logging of nftables events to a level similar to iptables. > > Restore the table field to list the table, adding the generation. > > > >

[PATCH v5] audit: log nftables configuration change events once per table

2021-03-26 Thread Richard Guy Briggs
://github.com/linux-audit/audit-kernel/issues/124 Signed-off-by: Richard Guy Briggs --- Changelog: v5: (sorry for all the noise...) - fix kbuild missing prototype warning in nf_tables_commit_audit_{alloc,collect,log}() v4: - move nf_tables_commit_audit_log() before nf_tables_commit_release() [fw

[PATCH v4] audit: log nftables configuration change events once per table

2021-03-24 Thread Richard Guy Briggs
://github.com/linux-audit/audit-kernel/issues/124 Signed-off-by: Richard Guy Briggs --- Changelog: v4: - move nf_tables_commit_audit_log() before nf_tables_commit_release() [fw] - move nft2audit_op[] from audit.h to nf_tables_api.c v3: - fix function braces, reduce parameter scope [pna] - pre

Re: [PATCH v3] audit: log nftables configuration change events once per table

2021-03-24 Thread Richard Guy Briggs
On 2021-03-24 12:32, Paul Moore wrote: > On Tue, Mar 23, 2021 at 4:05 PM Richard Guy Briggs wrote: > > > > Reduce logging of nftables events to a level similar to iptables. > > Restore the table field to list the table, adding the generation. > > > > Indica

[PATCH v3] audit: log nftables configuration change events once per table

2021-03-23 Thread Richard Guy Briggs
://github.com/linux-audit/audit-kernel/issues/124 Signed-off-by: Richard Guy Briggs --- Changelog: v3: - fix function braces, reduce parameter scope - pre-allocate nft_audit_data per table in step 1, bail on ENOMEM v2: - convert NFT ops to array indices in nft2audit_op[] - use linux lists - use

Re: [PATCH v2] audit: log nftables configuration change events once per table

2021-03-23 Thread Richard Guy Briggs
On 2021-03-22 23:57, Pablo Neira Ayuso wrote: > On Mon, Mar 22, 2021 at 04:49:04PM -0400, Richard Guy Briggs wrote: > > diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c > > index c1eb5cdb3033..42ba44890523 100644 > > --- a/net/netfilter/nf_table

[PATCH v2] audit: log nftables configuration change events once per table

2021-03-22 Thread Richard Guy Briggs
://github.com/linux-audit/audit-kernel/issues/124 Signed-off-by: Richard Guy Briggs --- Changelog v2: - convert NFT ops to array indices in nft2audit_op[] - use linux lists - use functions for each of collection and logging of audit data --- include/linux/audit.h | 28 +++ net

Re: [PATCH] [v2] audit: avoid -Wempty-body warning

2021-03-22 Thread Richard Guy Briggs
; instead, and change a > few more that were (void)0, for consistency. > > Signed-off-by: Arnd Bergmann Acked-by: Richard Guy Briggs > --- > v2: convert two more macros > --- > kernel/audit.h | 12 ++-- > 1 file changed, 6 insertions(+), 6 deletions(-) > >

Re: [PATCH] audit: avoid -Wempty-body warning

2021-03-22 Thread Richard Guy Briggs
On 2021-03-22 17:28, Arnd Bergmann wrote: > On Mon, Mar 22, 2021 at 3:33 PM Richard Guy Briggs wrote: > > > Change the macros to use the usual "do { } while (0)" instead, and change > > > a > > > few more that were (void)0, for consistenc

Re: [PATCH] audit: avoid -Wempty-body warning

2021-03-22 Thread Richard Guy Briggs
e (0) > #define audit_tag_tree(old, new) -EINVAL > #define audit_tree_path(rule) "" /* never called */ > #define audit_kill_trees(context) BUG() > -- > 2.29.2 > - RGB -- Richard Guy Briggs Sr. S/W Engineer, Kernel Security, Base Operating Systems Remote, Ottawa, Red Hat Canada IRC: rgb, SunRaycer Voice: +1.647.777.2635, Internal: (81) 32635

Re: [PATCH] audit: log nftables configuration change events once per table

2021-03-19 Thread Richard Guy Briggs
On 2021-03-19 13:52, Phil Sutter wrote: > On Thu, Mar 18, 2021 at 02:37:03PM -0400, Richard Guy Briggs wrote: > > On 2021-03-18 17:30, Phil Sutter wrote: > [...] > > > Why did you leave the object-related logs in place? They should reappear > > > at commit

[PATCH v3 1/2] audit: document /proc/PID/loginuid

2021-03-18 Thread Richard Guy Briggs
Describe the /proc/PID/loginuid interface in Documentation/ABI/stable that was added 2005-02-01 by commit 1e2d1492e178 ("[PATCH] audit: handle loginuid through proc") Signed-off-by: Richard Guy Briggs --- Documentation/ABI/stable/procfs-audit_loginuid | 15 +++ 1 file c

[PATCH v3 2/2] audit: document /proc/PID/sessionid

2021-03-18 Thread Richard Guy Briggs
Describe the /proc/PID/loginuid interface in Documentation/ABI/stable that was added 2008-03-13 in commit 1e0bd7550ea9 ("[PATCH] export sessionid alongside the loginuid in procfs") Signed-off-by: Richard Guy Briggs --- Documentation/ABI/stable/procfs-audit_loginuid | 12 ++

[PATCH v3 0/2] audit: add documentation for /proc/PID/stable interfaces

2021-03-18 Thread Richard Guy Briggs
Add Documentation/ABI entries for audit interfaces in /proc/PID/ that have been stable for more than a decade. Richard Guy Briggs (2): audit: document /proc/PID/loginuid audit: document /proc/PID/sessionid .../ABI/stable/procfs-audit_loginuid | 27 +++ 1 file

Re: [PATCH] audit: log nftables configuration change events once per table

2021-03-18 Thread Richard Guy Briggs
On 2021-03-18 17:30, Phil Sutter wrote: > Hi, > > On Thu, Mar 18, 2021 at 11:39:52AM -0400, Richard Guy Briggs wrote: > > Reduce logging of nftables events to a level similar to iptables. > > Restore the table field to list the table, adding the generation. > > Th

[PATCH] audit: log nftables configuration change events once per table

2021-03-18 Thread Richard Guy Briggs
://github.com/linux-audit/audit-kernel/issues/124 Signed-off-by: Richard Guy Briggs --- include/linux/audit.h | 29 net/netfilter/nf_tables_api.c | 132 +- 2 files changed, 78 insertions(+), 83 deletions(-) diff --git a/include/linux/audit.h b

Re: [PATCH 1/2] audit: add support for the openat2 syscall

2021-03-18 Thread Richard Guy Briggs
On 2021-03-18 11:48, Christian Brauner wrote: > [+Cc Aleksa, the author of openat2()] Ah! Thanks for pulling in Aleksa. I thought I caught everyone... > and a comment below. :) Same... > On Wed, Mar 17, 2021 at 09:47:17PM -0400, Richard Guy Briggs wrote: > > The openat2(2) sy

Re: [PATCH 1/2] audit: add support for the openat2 syscall

2021-03-18 Thread Richard Guy Briggs
On 2021-03-18 11:52, Christian Brauner wrote: > On Thu, Mar 18, 2021 at 11:48:45AM +0100, Christian Brauner wrote: > > On Wed, Mar 17, 2021 at 09:47:17PM -0400, Richard Guy Briggs wrote: > > > The openat2(2) syscall was added in kernel v5.6 with commit fddb5d430ad9 > > >

[PATCH v2 2/2] audit: document /proc/PID/sessionid

2021-03-17 Thread Richard Guy Briggs
Describe the /proc/PID/loginuid interface in Documentation/ABI/stable that was added 2008-03-13 in commit 1e0bd7550ea9 ("[PATCH] export sessionid alongside the loginuid in procfs") Signed-off-by: Richard Guy Briggs --- Documentation/ABI/stable/procfs-audit_loginuid | 12 ++

[PATCH v2 0/2] audit: add documentation for /proc/PID/stable interfaces

2021-03-17 Thread Richard Guy Briggs
Add Documentation/ABI entries for audit interfaces in /proc/PID/ that have been stable for more than a decade. Richard Guy Briggs (2): audit: document /proc/PID/loginuid audit: document /proc/PID/sessionid .../ABI/stable/procfs-audit_loginuid | 27 +++ 1 file

[PATCH v2 1/2] audit: document /proc/PID/loginuid

2021-03-17 Thread Richard Guy Briggs
Describe the /proc/PID/loginuid interface in Documentation/ABI/stable that was added 2005-02-01 by commit 1e2d1492e178 ("[PATCH] audit: handle loginuid through proc") Signed-off-by: Richard Guy Briggs --- Documentation/ABI/stable/procfs-audit_loginuid | 15 +++ 1 file c

[PATCH v2] MAINTAINERS: update audit files

2021-03-17 Thread Richard Guy Briggs
Add files maintained by the audit subsystem. Files from arch/*/*/*audit*.[ch] and arch/x86/include/asm/audit.h were not added due to concern of the list not holding up over time. There exist already exceptions that caused the need for this specificity. Signed-off-by: Richard Guy Briggs

[PATCH 1/2] audit: add support for the openat2 syscall

2021-03-17 Thread Richard Guy Briggs
The openat2(2) syscall was added in kernel v5.6 with commit fddb5d430ad9 ("open: introduce openat2(2) syscall") Add the openat2(2) syscall to the audit syscall classifier. See the github issue https://github.com/linux-audit/audit-kernel/issues/67 Signed-off-by: Richard Guy Briggs

[PATCH 0/2] audit: add support for openat2

2021-03-17 Thread Richard Guy Briggs
/tree/ghau-openat2 Supporting test case can be found in https://github.com/linux-audit/audit-testsuite/pull/103 Richard Guy Briggs (2): audit: add support for the openat2 syscall audit: add OPENAT2 record to list how arch/alpha/kernel/audit.c | 2 ++ arch/ia64/kernel/audit.c

[PATCH 2/2] audit: add OPENAT2 record to list how

2021-03-17 Thread Richard Guy Briggs
=0 tty=ttyS0 ses=1 comm="openat2" exe="/root/rgb/git/audit-testsuite/tests/syscalls_file/openat2" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="testsuite-1616012933-bjAUcEPO" Signed-off-by: Richard Guy Briggs --- fs/open.c | 2 ++

Re: [PATCH 1/2] audit: document /proc/PID/loginuid

2021-03-17 Thread Richard Guy Briggs
On 2021-03-12 14:15, Paul Moore wrote: > On Thu, Mar 11, 2021 at 11:41 AM Richard Guy Briggs wrote: > > Describe the /proc/PID/loginuid interface in Documentation/ABI/stable that > > was added 2005-02-01 by commit 1e2d1492e178 ("[PATCH] audit: handle > > loginuid through

Re: [PATCH] MAINTAINERS: update audit files

2021-03-12 Thread Richard Guy Briggs
On 2021-03-12 16:38, Paul Moore wrote: > On Thu, Mar 11, 2021 at 11:41 AM Richard Guy Briggs wrote: > > Add files maintained by the audit subsystem. > > > > Signed-off-by: Richard Guy Briggs > > --- > > MAINTAINERS | 4 > > 1 file changed, 4 insertion

[PATCH 2/2] audit: document /proc/PID/sessionid

2021-03-11 Thread Richard Guy Briggs
Describe the /proc/PID/loginuid interface in Documentation/ABI/stable that was added 2008-03-13 in commit 1e0bd7550ea9 ("[PATCH] export sessionid alongside the loginuid in procfs") Signed-off-by: Richard Guy Briggs --- Documentation/ABI/stable/procfs-audit_loginuid | 12 ++

[PATCH 0/2] audit: add documentation for /proc/PID/stable interfaces

2021-03-11 Thread Richard Guy Briggs
Add Documentation/ABI entries for audit interfaces in /proc/PID/ that have been stable for more than a decade. Richard Guy Briggs (2): audit: document /proc/PID/loginuid audit: document /proc/PID/sessionid .../ABI/stable/procfs-audit_loginuid | 27 +++ 1 file

[PATCH 1/2] audit: document /proc/PID/loginuid

2021-03-11 Thread Richard Guy Briggs
Describe the /proc/PID/loginuid interface in Documentation/ABI/stable that was added 2005-02-01 by commit 1e2d1492e178 ("[PATCH] audit: handle loginuid through proc") Signed-off-by: Richard Guy Briggs --- Documentation/ABI/stable/procfs-audit_loginuid | 15 +++ 1 file c

[PATCH] MAINTAINERS: update audit files

2021-03-11 Thread Richard Guy Briggs
Add files maintained by the audit subsystem. Signed-off-by: Richard Guy Briggs --- MAINTAINERS | 4 1 file changed, 4 insertions(+) diff --git a/MAINTAINERS b/MAINTAINERS index 6eff4f720c72..a17532559665 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -3015,9 +3015,13 @@ L: linux-au

[PATCH] audit: further cleanup of AUDIT_FILTER_ENTRY deprecation

2021-03-11 Thread Richard Guy Briggs
Remove the list parameter from the function call since the exit filter list is the only remaining list used by this function. This cleans up commit 5260ecc2e048 ("audit: deprecate the AUDIT_FILTER_ENTRY filter") Signed-off-by: Richard Guy Briggs --- kernel/auditsc.c | 11 -

Re: [PATCH ghak124 v3] audit: log nftables configuration change events

2021-02-19 Thread Richard Guy Briggs
On 2021-02-19 01:26, Richard Guy Briggs wrote: > On 2021-02-18 23:42, Florian Westphal wrote: > > Richard Guy Briggs wrote: > > > > If they appear in a batch they will be ignored, if the batch consists of > > > > such non-modifying ops only then nf_tables_commi

Re: [PATCH ghak124 v3] audit: log nftables configuration change events

2021-02-18 Thread Richard Guy Briggs
On 2021-02-18 23:42, Florian Westphal wrote: > Richard Guy Briggs wrote: > > > If they appear in a batch they will be ignored, if the batch consists of > > > such non-modifying ops only then nf_tables_commit() returns early > > > because the transaction list

Re: [PATCH ghak124 v3] audit: log nftables configuration change events

2021-02-18 Thread Richard Guy Briggs
On 2021-02-18 13:52, Florian Westphal wrote: > Richard Guy Briggs wrote: > > On 2021-02-18 09:22, Florian Westphal wrote: > > > > It seems I'd need to filter out the NFT_MSG_GET_* ops. > > > > > > No need, the GET ops do not cause changes and will n

Re: [PATCH ghak124 v3] audit: log nftables configuration change events

2021-02-18 Thread Richard Guy Briggs
On 2021-02-18 13:52, Florian Westphal wrote: > Richard Guy Briggs wrote: > > On 2021-02-18 09:22, Florian Westphal wrote: > > > No. There is a hierarchy, e.g. you can't add a chain without first > > > adding a table, BUT in case the table was already created by a

Re: [PATCH ghak124 v3] audit: log nftables configuration change events

2021-02-18 Thread Richard Guy Briggs
On 2021-02-18 09:22, Florian Westphal wrote: > Richard Guy Briggs wrote: > > On 2021-02-11 23:09, Florian Westphal wrote: > > > So, if just a summary is needed a single audit_log_nfcfg() > > > after 'step 3' and outside of the list_for_each_entry_safe() is all > &

Re: [PATCH ghak124 v3] audit: log nftables configuration change events

2021-02-17 Thread Richard Guy Briggs
On 2021-02-11 23:09, Florian Westphal wrote: > Richard Guy Briggs wrote: > > > > I personally would notify once per transaction. This is easy and quick. > > > > This was the goal. iptables was atomic. nftables appears to no longer > > be so. If I have this

Re: [PATCH ghak124 v3] audit: log nftables configuration change events

2021-02-12 Thread Richard Guy Briggs
> place for a change notification. In nftables, the most common one is > generation dump - all tables are treated as elements of the same > ruleset, not individually like in xtables. > > Richard, assuming the above is correct, are you fine with reducing > nftables auditing to a single no

Re: [PATCH ghak124 v3] audit: log nftables configuration change events

2021-02-12 Thread Richard Guy Briggs
On 2021-02-11 15:26, Richard Guy Briggs wrote: > On 2021-02-11 11:29, Paul Moore wrote: > > On Thu, Feb 11, 2021 at 10:16 AM Phil Sutter wrote: > > > Hi, > > > > > > On Thu, Jun 04, 2020 at 09:20:49AM -0400, Richard Guy Briggs wrote: > > > > i

Re: [PATCH ghak124 v3] audit: log nftables configuration change events

2021-02-11 Thread Richard Guy Briggs
On 2021-02-11 11:29, Paul Moore wrote: > On Thu, Feb 11, 2021 at 10:16 AM Phil Sutter wrote: > > Hi, > > > > On Thu, Jun 04, 2020 at 09:20:49AM -0400, Richard Guy Briggs wrote: > > > iptables, ip6tables, arptables and ebtables table registration, > > > repla

Re: [PATCH v24 21/25] audit: add support for non-syscall auxiliary records

2021-01-26 Thread Richard Guy Briggs
On 2021-01-26 10:58, Casey Schaufler wrote: > On 1/26/2021 10:42 AM, Richard Guy Briggs wrote: > > On 2021-01-26 08:41, Casey Schaufler wrote: > >> Standalone audit records have the timestamp and serial number generated > >> on the fly and as such are unique, making

Re: [PATCH] audit: Make audit_filter_syscall() return void

2021-01-26 Thread Richard Guy Briggs
;audit: deprecate the AUDIT_FILTER_ENTRY filter") Might as well also amend the function comment block to remove the reference to syscall entry since that is no longer relevant. > Signed-off-by: Yang Yang Reviewed-by: Richard Guy Briggs > --- > kernel/auditsc.c | 8 > 1 file cha

Re: [PATCH v24 21/25] audit: add support for non-syscall auxiliary records

2021-01-26 Thread Richard Guy Briggs
a standalone record and its auxiliary record(s). The > context is discarded immediately after the local associated records are > produced. > > Signed-off-by: Richard Guy Briggs > Signed-off-by: Casey Schaufler > Cc: linux-au...@redhat.com > To: Richard Guy Briggs This has been

[PATCH ghak90 v11 04/11] audit: add contid support for signalling the audit daemon

2021-01-12 Thread Richard Guy Briggs
to reflect the new record request and reply type. An older userspace won't break since it won't know to request this record type. Signed-off-by: Richard Guy Briggs --- Acks from nhorman/omosnace should have been added in v6. Acks dropped due to restructure audit_sig_info2 for nesting, sigcount

[PATCH ghak90 v11 10/11] audit: track container nesting

2021-01-12 Thread Richard Guy Briggs
amespace B. An event happens in network namespace B: type=NETFILTER_PKT ... type=CONTAINER_ID msg=audit(:): contid=2,^1,3,^1 Signed-off-by: Richard Guy Briggs --- kernel/audit.c | 75 +- 1 file changed, 62 insertions(+), 13 deletions(-) diff

[PATCH ghak90 v11 11/11] audit: add capcontid to set contid outside init_user_ns

2021-01-12 Thread Richard Guy Briggs
Signed-off-by: Richard Guy Briggs --- .../ABI/testing/procfs-audit_containerid | 16 + fs/proc/base.c| 54 +++ include/linux/audit.h | 4 +- include/uapi/linux/audit.h| 1 + kern

[PATCH ghak90 v11 08/11] audit: add support for containerid to network namespaces

2021-01-12 Thread Richard Guy Briggs
ee the github audit wiki for the feature overview: https://github.com/linux-audit/audit-kernel/wiki/RFE-Audit-Container-ID Signed-off-by: Richard Guy Briggs --- Acks removed due to redo rcu/spin locking: Acked-by: Neil Horman Reviewed-by: Ondrej Mosnacek --- include/linux/audit.h| 17 +++ k

[PATCH ghak90 v11 09/11] audit: contid check descendancy and nesting

2021-01-12 Thread Richard Guy Briggs
orchestrator as the one that set it so it is not possible to change the contid of another orchestrator's container. Since the task_is_descendant() function is used in YAMA and in audit, remove the duplication and pull the function into kernel/core/sched.c Signed-off-by: Richard Guy Briggs

[PATCH ghak90 v11 07/11] audit: add containerid filtering

2021-01-12 Thread Richard Guy Briggs
audit testsuite issue for the test case: https://github.com/linux-audit/audit-testsuite/issues/64 Please see the github audit wiki for the feature overview: https://github.com/linux-audit/audit-kernel/wiki/RFE-Audit-Container-ID Signed-off-by: Richard Guy Briggs Acked-by: Serge Hallyn Acked

[PATCH ghak90 v11 05/11] audit: add support for non-syscall auxiliary records

2021-01-12 Thread Richard Guy Briggs
linked by timestamp and serial. Signed-off-by: Richard Guy Briggs Acked-by: Serge Hallyn Acked-by: Neil Horman Reviewed-by: Ondrej Mosnacek --- include/linux/audit.h | 8 kernel/audit.h| 1 + kernel/auditsc.c | 31 ++- 3 files changed, 35 insert

[PATCH ghak90 v11 06/11] audit: add containerid support for user records

2021-01-12 Thread Richard Guy Briggs
Add audit container identifier auxiliary record to user event standalone records. Signed-off-by: Richard Guy Briggs Acked-by: Neil Horman Reviewed-by: Ondrej Mosnacek --- kernel/audit.c | 12 +--- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/kernel/audit.c b/kernel

[PATCH ghak90 v11 03/11] audit: log container info of syscalls

2021-01-12 Thread Richard Guy Briggs
nux-audit/audit-userspace/issues/51 Please see the github audit testsuite issue for the test case: https://github.com/linux-audit/audit-testsuite/issues/64 Please see the github audit wiki for the feature overview: https://github.com/linux-audit/audit-kernel/wiki/RFE-Audit-Container-ID S

[PATCH ghak90 v11 02/11] audit: add container id

2021-01-12 Thread Richard Guy Briggs
the test case: https://github.com/linux-audit/audit-testsuite/issues/64 Please see the github audit wiki for the feature overview: https://github.com/linux-audit/audit-kernel/wiki/RFE-Audit-Container-ID Signed-off-by: Richard Guy Briggs --- Acks dropped due to log drop added 7.3, redo rcu/sp

[PATCH ghak90 v11 01/11] audit: collect audit task parameters

2021-01-12 Thread Richard Guy Briggs
nel/issues/90 Signed-off-by: Richard Guy Briggs --- Acks removed due to significant code changes hiding audit task struct: Acked-by: Neil Horman Reviewed-by: Ondrej Mosnacek --- fs/io-wq.c| 8 +-- fs/io_uring.c | 16 ++--- include/linux/audit.h | 49 +- inc

[PATCH ghak90 v11 00/11] audit: implement container identifier

2021-01-12 Thread Richard Guy Briggs
spelling mistake of contidion in net/rfkill/core.c to avoid contid name collision v2 - add check for children and threads - add network namespace container identifier list - add NETFILTER_PKT audit container identifier logging - patch description and documentation clean-up and example - reap un

Re: [PATCH ghak90 v10 01/11] audit: collect audit task parameters

2020-12-21 Thread Richard Guy Briggs
On 2020-12-21 12:14, Paul Moore wrote: > On Mon, Dec 21, 2020 at 11:57 AM Richard Guy Briggs wrote: > > > > The audit-related parameters in struct task_struct should ideally be > > collected together and accessed through a standard audit API and the audit > > stru

[PATCH ghau51/ghau40 v10 01/11] AUDIT_CONTAINER_OP message type basic support

2020-12-21 Thread Richard Guy Briggs
-audit/audit-userspace/issues/51 See: https://github.com/linux-audit/audit-kernel/issues/90 See: https://github.com/linux-audit/audit-testsuite/issues/64 See: https://github.com/linux-audit/audit-kernel/wiki/RFE-Audit-Container-ID Signed-off-by: Richard Guy Briggs --- lib/libaudit.h | 4 lib

[PATCH ghau51/ghau40 v10 11/11] libaudit: add support to get and set capcontid on a task

2020-12-21 Thread Richard Guy Briggs
See: https://github.com/linux-audit/audit-kernel/wiki/RFE-Audit-Container-ID Add the audit_get_capcontid() and audit_set_capcontid() calls analogous to CAP_AUDIT_CONTROL for descendant user namespaces. Signed-off-by: Richard Guy Briggs --- auparse/normalize.c| 1 + auparse

[PATCH ghau51/ghau40 v10 09/11] contid: interpret correctly CONTAINER_ID contid field csv

2020-12-21 Thread Richard Guy Briggs
:18.746:1690) : contid=777,666,333 Signed-off-by: Richard Guy Briggs --- src/ausearch-report.c | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/ausearch-report.c b/src/ausearch-report.c index 416c2b13fa6a..754b28af2cb6 100644 --- a/src/ausearch-report.c +++ b/src

[PATCH ghau51/ghau40 v10 10/11] ausearch: convert contid to comma-sep/carrat-mod cnode/clist

2020-12-21 Thread Richard Guy Briggs
Now that the kernel is able to track container nesting ("audit: track container nesting"), convert the ausearch internals to parse and track the compound list of contids stored in their native u64 format for faster and more efficient processing. Signed-off-by: Richard Guy Briggs

[PATCH ghau51/ghau40 v10 04/11] add ausearch containerid support

2020-12-21 Thread Richard Guy Briggs
Add support to ausearch for searching on the containerid field in records. Signed-off-by: Richard Guy Briggs --- src/aureport-options.c | 1 + src/ausearch-llist.c | 2 ++ src/ausearch-llist.h | 1 + src/ausearch-match.c | 3 +++ src/ausearch-options.c | 48

[PATCH ghau51/ghau40 v10 08/11] add support for audit_signal_info2

2020-12-21 Thread Richard Guy Briggs
; uint64_t cid; char ctx[]; }; Signed-off-by: Richard Guy Briggs --- auparse/auditd-config.c | 1 + docs/audit_request_signal_info.3 | 15 - lib/libaudit.c | 56 +++- lib/libaudit.h | 16

[PATCH ghau51/ghau40 v10 05/11] start normalization containerid support

2020-12-21 Thread Richard Guy Briggs
Signed-off-by: Richard Guy Briggs --- auparse/auparse-defs.h | 3 ++- auparse/interpret.c | 10 ++ auparse/normalize_record_map.h | 2 ++ auparse/typetab.h| 2 ++ bindings/python/auparse_python.c | 1 + 5 files changed, 17 insertions(+), 1

[PATCH ghau51/ghau40 v10 06/11] libaudit: add support to get the task audit container identifier

2020-12-21 Thread Richard Guy Briggs
Add the audit_get_containerid() call analogous to audit_getloginuid() and audit_get_session() calls to get our own audit container identifier. This is intended as a debug patch, not to be upstreamed. Signed-off-by: Richard Guy Briggs --- docs/Makefile.am | 2 +- docs

[PATCH ghau51/ghau40 v10 07/11] signal_info: only print context if it is available.

2020-12-21 Thread Richard Guy Briggs
Signed-off-by: Richard Guy Briggs --- src/auditd-event.c| 20 +++- src/auditd-reconfig.c | 2 -- 2 files changed, 15 insertions(+), 7 deletions(-) diff --git a/src/auditd-event.c b/src/auditd-event.c index e6b2a961f02b..800f4d83bc83 100644 --- a/src/auditd-event.c +++ b/src

[PATCH ghau51/ghau40 v10 03/11] auditctl: add support for AUDIT_CONTID filter

2020-12-21 Thread Richard Guy Briggs
tion. See: https://github.com/linux-audit/audit-userspace/issues/40 See: https://github.com/linux-audit/audit-kernel/issues/91 See: https://github.com/linux-audit/audit-testsuite/issues/64 See: https://github.com/linux-audit/audit-kernel/wiki/RFE-Audit-Container-ID Signed-off-by: Richard Guy Briggs

[PATCH ghau51/ghau40 v10 02/11] AUDIT_CONTAINER_ID message type basic support

2020-12-21 Thread Richard Guy Briggs
/90 See: https://github.com/linux-audit/audit-testsuite/issues/64 See: https://github.com/linux-audit/audit-kernel/wiki/RFE-Audit-Container-ID Signed-off-by: Richard Guy Briggs --- lib/libaudit.h| 4 lib/msg_typetab.h | 1 + 2 files changed, 5 insertions(+) diff --git a/lib/libaudit.h b

[PATCH ghau51/ghau40 v10 00/11] add support for audit container identifier

2020-12-21 Thread Richard Guy Briggs
_CONTAINER, AUDIT_CONTAINER_INFO, ausearch, normalization Richard Guy Briggs (11): AUDIT_CONTAINER_OP message type basic support AUDIT_CONTAINER_ID message type basic support auditctl: add support for AUDIT_CONTID filter add ausearch containerid support start normalization containerid support

[PATCH ghak90 v10 11/11] audit: add capcontid to set contid outside init_user_ns

2020-12-21 Thread Richard Guy Briggs
Signed-off-by: Richard Guy Briggs --- .../ABI/testing/procfs-audit_containerid | 16 + fs/proc/base.c| 54 +++ include/linux/audit.h | 4 +- include/uapi/linux/audit.h| 1 + kern

[PATCH ghak90 v10 10/11] audit: track container nesting

2020-12-21 Thread Richard Guy Briggs
amespace B. An event happens in network namespace B: type=NETFILTER_PKT ... type=CONTAINER_ID msg=audit(:): contid=2,^1,3,^1 Signed-off-by: Richard Guy Briggs --- kernel/audit.c | 75 +- 1 file changed, 62 insertions(+), 13 deletions(-) diff

[PATCH ghak90 v10 09/11] audit: contid check descendancy and nesting

2020-12-21 Thread Richard Guy Briggs
orchestrator as the one that set it so it is not possible to change the contid of another orchestrator's container. Since the task_is_descendant() function is used in YAMA and in audit, remove the duplication and pull the function into kernel/core/sched.c Signed-off-by: Richard Guy Briggs

[PATCH ghak90 v10 08/11] audit: add support for containerid to network namespaces

2020-12-21 Thread Richard Guy Briggs
://github.com/linux-audit/audit-kernel/wiki/RFE-Audit-Container-ID Signed-off-by: Richard Guy Briggs Acked-by: Neil Horman Reviewed-by: Ondrej Mosnacek --- include/linux/audit.h| 17 +++ kernel/audit.c | 229 ++- kernel/nsproxy.c | 4 + net

[PATCH ghak90 v10 07/11] audit: add containerid filtering

2020-12-21 Thread Richard Guy Briggs
audit testsuite issue for the test case: https://github.com/linux-audit/audit-testsuite/issues/64 Please see the github audit wiki for the feature overview: https://github.com/linux-audit/audit-kernel/wiki/RFE-Audit-Container-ID Signed-off-by: Richard Guy Briggs Acked-by: Serge Hallyn Acked

[PATCH ghak90 v10 06/11] audit: add containerid support for user records

2020-12-21 Thread Richard Guy Briggs
Add audit container identifier auxiliary record to user event standalone records. Signed-off-by: Richard Guy Briggs Acked-by: Neil Horman Reviewed-by: Ondrej Mosnacek --- kernel/audit.c | 12 +--- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/kernel/audit.c b/kernel

[PATCH ghak90 v10 05/11] audit: add support for non-syscall auxiliary records

2020-12-21 Thread Richard Guy Briggs
linked by timestamp and serial. Signed-off-by: Richard Guy Briggs Acked-by: Serge Hallyn Acked-by: Neil Horman Reviewed-by: Ondrej Mosnacek --- include/linux/audit.h | 8 kernel/audit.h| 1 + kernel/auditsc.c | 31 ++- 3 files changed, 35 insert

[PATCH ghak90 v10 02/11] audit: add container id

2020-12-21 Thread Richard Guy Briggs
audit testsuite issue for the test case: https://github.com/linux-audit/audit-testsuite/issues/64 Please see the github audit wiki for the feature overview: https://github.com/linux-audit/audit-kernel/wiki/RFE-Audit-Container-ID Signed-off-by: Richard Guy Briggs Acked-by: Serge Hallyn Ac

[PATCH ghak90 v10 04/11] audit: add contid support for signalling the audit daemon

2020-12-21 Thread Richard Guy Briggs
to reflect the new record request and reply type. An older userspace won't break since it won't know to request this record type. Signed-off-by: Richard Guy Briggs --- include/linux/audit.h | 7 +++ include/uapi/linux/audit.h | 1 + kernel/audit.c | 116

[PATCH ghak90 v10 03/11] audit: log container info of syscalls

2020-12-21 Thread Richard Guy Briggs
udit-userspace/issues/51 Please see the github audit testsuite issue for the test case: https://github.com/linux-audit/audit-testsuite/issues/64 Please see the github audit wiki for the feature overview: https://github.com/linux-audit/audit-kernel/wiki/RFE-Audit-Container-ID Signed-off-by: Ri

[PATCH ghak90 v10 01/11] audit: collect audit task parameters

2020-12-21 Thread Richard Guy Briggs
nel/issues/90 Signed-off-by: Richard Guy Briggs Acked-by: Neil Horman Reviewed-by: Ondrej Mosnacek --- fs/io-wq.c| 8 +-- fs/io_uring.c | 16 ++--- include/linux/audit.h | 49 +- include/linux/sched.h | 7 +- init/init_task.c | 3 +- init/main.c

[PATCH ghak90 v10 00/11] audit: implement container identifier

2020-12-21 Thread Richard Guy Briggs
ert initial container record to syscall aux - fix spelling mistake of contidion in net/rfkill/core.c to avoid contid name collision v2 - add check for children and threads - add network namespace container identifier list - add NETFILTER_PKT audit container identifier logging - patch description

Re: [PATCH -next] kernel/audit: convert comma to semicolon

2020-12-11 Thread Richard Guy Briggs
m_kuid(_user_ns, koldloginuid); > - loginuid = from_kuid(_user_ns, kloginuid), > + loginuid = from_kuid(_user_ns, kloginuid); Nice catch. That went unnoticed through 3 patches, the last two mine... Not quite sure why no compiler complained about it... Reviewe

Re: [PATCH] audit: remove unused macros

2020-11-11 Thread Richard Guy Briggs
s] > kernel/auditsc.c:82:0: warning: macro "AUDITSC_INVALID" is not used > [-Wunused-macros] > > AUDIT_UNINITIALIZED and AUDITSC_INVALID are still meaningful and could > be used in code. "and should be incorporated" > Just remove AUDIT_AUX_IPCPERM. > > Thank

Re: [PATCH] audit: remove unused macros

2020-11-10 Thread Richard Guy Briggs
On 2020-11-10 21:47, Paul Moore wrote: > On Tue, Nov 10, 2020 at 10:23 AM Richard Guy Briggs wrote: > > On 2020-11-06 16:31, Alex Shi wrote: > > > Some unused macros could cause gcc warning: > > > kernel/audit.c:68:0: warning: macro "AUDIT_UNINITIALIZED"

Re: [PATCH] audit: remove unused macros

2020-11-10 Thread Richard Guy Briggs
13 ("AUDIT: Add message types to audit records") Introduced here: 8e633c3fb2a2 David Woodhouse 2005-03-01 ("Audit IPC object owner/permission changes.") I agree, remove it. > /* Number of target pids per aux struct. */ > #define AUDIT_AUX_PIDS 16 >

Re: [PATCH ghak90 V9 05/13] audit: log container info of syscalls

2020-10-23 Thread Richard Guy Briggs
On 2020-10-22 21:21, Paul Moore wrote: > On Wed, Oct 21, 2020 at 12:39 PM Richard Guy Briggs wrote: > > Here is an example I was able to generate after updating the testsuite > > script to include a signalling example of a nested audit container > > identifier: > > >

Re: [PATCH ghak90 V9 05/13] audit: log container info of syscalls

2020-10-21 Thread Richard Guy Briggs
On 2020-10-21 12:49, Steve Grubb wrote: > On Wednesday, October 21, 2020 12:39:26 PM EDT Richard Guy Briggs wrote: > > > I think I have a way to generate a signal to multiple targets in one > > > syscall... The added challenge is to also give those targets different

Re: [PATCH ghak90 V9 05/13] audit: log container info of syscalls

2020-10-21 Thread Richard Guy Briggs
On 2020-10-02 15:52, Richard Guy Briggs wrote: > On 2020-08-21 15:15, Paul Moore wrote: > > On Wed, Jul 29, 2020 at 3:41 PM Richard Guy Briggs wrote: > > > On 2020-07-05 11:10, Paul Moore wrote: > > > > On Sat, Jun 27, 2020 at 9:22 AM Rich

Re: [PATCH ghak90 V9 11/13] audit: contid check descendancy and nesting

2020-10-06 Thread Richard Guy Briggs
On 2020-08-21 16:13, Paul Moore wrote: > On Fri, Aug 7, 2020 at 1:10 PM Richard Guy Briggs wrote: > > On 2020-07-05 11:11, Paul Moore wrote: > > > On Sat, Jun 27, 2020 at 9:23 AM Richard Guy Briggs > > > wrote: > > > > Require the target t

Re: [PATCH ghak90 V9 05/13] audit: log container info of syscalls

2020-10-02 Thread Richard Guy Briggs
On 2020-08-21 15:15, Paul Moore wrote: > On Wed, Jul 29, 2020 at 3:41 PM Richard Guy Briggs wrote: > > On 2020-07-05 11:10, Paul Moore wrote: > > > On Sat, Jun 27, 2020 at 9:22 AM Richard Guy Briggs > > > wrote: > > ... > > > > > diff --git a/k

Re: [PATCH ghak90 V9 06/13] audit: add contid support for signalling the audit daemon

2020-10-02 Thread Richard Guy Briggs
On 2020-08-21 14:48, Paul Moore wrote: > On Wed, Jul 29, 2020 at 3:00 PM Richard Guy Briggs wrote: > > On 2020-07-05 11:10, Paul Moore wrote: > > > On Sat, Jun 27, 2020 at 9:22 AM Richard Guy Briggs > > > wrote: > > > > > > > > Add audit conta

Re: [PATCH ghak120 V5] audit: trigger accompanying records when no rules present

2020-09-23 Thread Richard Guy Briggs
On 2020-09-23 10:29, Paul Moore wrote: > On Tue, Sep 22, 2020 at 8:45 AM Richard Guy Briggs wrote: > > > > When there are no audit rules registered, mandatory records (config, > > etc.) are missing their accompanying records (syscall, proctitle, etc.). > > > > T

[PATCH ghak120 V5] audit: trigger accompanying records when no rules present

2020-09-22 Thread Richard Guy Briggs
ichard Guy Briggs --- Changelog: v5: - open code audit_clear_dummy() in audit_log_start() - fix check for ctx->pwd in audit_log_name() - open code _audit_getcwd() contents in audit_alloc_name() - ditch all *audit_getcwd() calls v4: - resubmit after revert v3: - initialize fds[0] to -1 -

Re: [[PATCH V4]] audit: trigger accompanying records when no rules present

2020-09-22 Thread Richard Guy Briggs
On 2020-09-21 19:31, Paul Moore wrote: > On Mon, Sep 21, 2020 at 3:57 PM Richard Guy Briggs wrote: > > On 2020-09-15 12:18, Paul Moore wrote: > > > On Thu, Sep 10, 2020 at 11:03 AM Richard Guy Briggs > > > wrote: > > > > > > > > When the

Re: [[PATCH V4]] audit: trigger accompanying records when no rules present

2020-09-21 Thread Richard Guy Briggs
On 2020-09-15 12:18, Paul Moore wrote: > On Thu, Sep 10, 2020 at 11:03 AM Richard Guy Briggs wrote: > > > > When there are no audit rules registered, mandatory records (config, > > etc.) are missing their accompanying records (syscall, proctitle, etc.). > > > > T

[[PATCH V4]] audit: trigger accompanying records when no rules present

2020-09-10 Thread Richard Guy Briggs
120 This is also related to upstream github issue https://github.com/linux-audit/audit-kernel/issues/96 Signed-off-by: Richard Guy Briggs --- Passes audit-testsuite. Changelog: v4: - rebase on audit/next v5.9-rc1 - squash v2+v3fix - add pwd NULL check in audit_log_name() - resubmit after revert
