> +static inline void makeatomicname(struct filename *name)
> +{
> + VFS_BUG_ON(IS_ERR_OR_NULL(name));
> + /*
> + * The name can legitimately already be atomic if it was cached by
> audit.
> + * If switching the refcount to atomic, we need not to know we are the
> + * only n
On Fri, Mar 7, 2025 at 5:18 PM Jens Axboe wrote:
>
> > +static inline void makeatomicname(struct filename *name)
> > +{
> > + VFS_BUG_ON(IS_ERR_OR_NULL(name));
> > + /*
> > + * The name can legitimately already be atomic if it was cached by
> > audit.
> > + * If switching the re
On Fri, Mar 07, 2025 at 05:11:55PM +0100, Mateusz Guzik wrote:
> +++ b/include/linux/fs.h
> @@ -2765,11 +2765,19 @@ struct audit_names;
> struct filename {
> const char *name; /* pointer to actual string */
> const __user char *uptr; /* original userland pointer */
Atomics are only needed for a combination of io_uring and audit.
Regular file access (even with audit) gets around fine without them.
With this patch 'struct filename' starts with being refcounted using
regular ops.
In order to avoid API explosion in the getname*() family, a dedicated
routine is
On 3/7/25 9:25 AM, Mateusz Guzik wrote:
> On Fri, Mar 7, 2025 at 5:18 PM Jens Axboe wrote:
>>
>>> +static inline void makeatomicname(struct filename *name)
>>> +{
>>> + VFS_BUG_ON(IS_ERR_OR_NULL(name));
>>> + /*
>>> + * The name can legitimately already be atomic if it was cached by
Add a parameter lsmid to security_lsmblob_to_secctx() to identify which
of the security modules that may be active should provide the security
context. If the value of lsmid is LSM_ID_UNDEF the first LSM providing
a hook is used. security_secid_to_secctx() is unchanged, and will
always report the f
Replace the single skb pointer in an audit_buffer with
a list of skb pointers. Add the audit_stamp information
to the audit_buffer as there's no guarantee that there
will be an audit_context containing the stamp associated
with the event. At audit_log_end() time create auxiliary
records (none are c
Create a new audit record AUDIT_MAC_OBJ_CONTEXTS.
An example of the MAC_OBJ_CONTEXTS (1424) record is:
type=MAC_OBJ_CONTEXTS[1424]
msg=audit(1601152467.009:1050):
obj_selinux=unconfined_u:object_r:user_home_t:s0
When an audit event includes a AUDIT_MAC_OBJ_CONTEXTS record
the "obj=" f
Create a new audit record AUDIT_MAC_TASK_CONTEXTS.
An example of the MAC_TASK_CONTEXTS (1423) record is:
type=MAC_TASK_CONTEXTS[1423]
msg=audit(1600880931.832:113)
subj_apparmor=unconfined
subj_smack=_
When an audit event includes a AUDIT_MAC_TASK_CONTEXTS record
the "subj=" field
Users of IPE require a way to identify when and why an operation fails,
allowing them to both respond to violations of policy and be notified
of potentially malicious actions on their systems with respect to IPE.
This patch introduces a new error field to the AUDIT_IPE_POLICY_LOAD event
to log pol
On Fri, Mar 7, 2025 at 5:32 PM Jens Axboe wrote:
>
> On 3/7/25 9:25 AM, Mateusz Guzik wrote:
> > On Fri, Mar 7, 2025 at 5:18 PM Jens Axboe wrote:
> >>
> >>> +static inline void makeatomicname(struct filename *name)
> >>> +{
> >>> + VFS_BUG_ON(IS_ERR_OR_NULL(name));
> >>> + /*
> >>> +
On 3/7/25 9:35 AM, Mateusz Guzik wrote:
> On Fri, Mar 7, 2025 at 5:32 PM Jens Axboe wrote:
>>
>> On 3/7/25 9:25 AM, Mateusz Guzik wrote:
>>> On Fri, Mar 7, 2025 at 5:18 PM Jens Axboe wrote:
> +static inline void makeatomicname(struct filename *name)
> +{
> + VFS_BUG_ON(IS_ERR
On Fri, Mar 7, 2025 at 5:38 PM Jens Axboe wrote:
>
> On 3/7/25 9:35 AM, Mateusz Guzik wrote:
> > Since you volunteered to sort this out, I'll be happy to wait.
>
> I'll take a look start next week, don't think it should be too bad. You
> already did 90% of the work.
>
Sounds good. In the mean tim
On Fri, Mar 7, 2025 at 5:42 PM Al Viro wrote:
>
> On Fri, Mar 07, 2025 at 05:11:55PM +0100, Mateusz Guzik wrote:
> > Atomics are only needed for a combination of io_uring and audit.
> >
> > Regular file access (even with audit) gets around fine without them.
> >
> > With this patch 'struct filenam
On Fri, Mar 07, 2025 at 05:11:55PM +0100, Mateusz Guzik wrote:
> Atomics are only needed for a combination of io_uring and audit.
>
> Regular file access (even with audit) gets around fine without them.
>
> With this patch 'struct filename' starts with being refcounted using
> regular ops.
>
> I
On Thu 06-03-25 20:12:23, Richard Guy Briggs wrote:
> On 2025-03-06 16:06, Jan Kara wrote:
> > On Wed 05-03-25 16:33:19, Richard Guy Briggs wrote:
> > > When no audit rules are in place, fanotify event results are
> > > unconditionally dropped due to an explicit check for the existence of
> > > any
On Fri, Jan 31, 2025 at 05:30:37PM +0100, Mickaël Salaün wrote:
> --- /dev/null
> +++ b/security/landlock/id.c
> +static atomic64_t next_id = ATOMIC64_INIT(COUNTER_PRE_INIT);
> +
> +static void __init init_id(atomic64_t *const counter, const u32
> random_32bits)
> +{
> + u64 init;
> +
> +
On Fri, Mar 7, 2025 at 5:26 PM Matthew Wilcox wrote:
>
> On Fri, Mar 07, 2025 at 05:11:55PM +0100, Mateusz Guzik wrote:
> > +++ b/include/linux/fs.h
> > @@ -2765,11 +2765,19 @@ struct audit_names;
> > struct filename {
> > const char *name; /* pointer to actual string */
> >
Refactor audit_log_task_context(), creating a new
audit_log_subject_context(). This is used in netlabel auditing
to provide multiple subject security contexts as necessary.
Signed-off-by: Casey Schaufler
---
include/linux/audit.h| 8
kernel/audit.c | 21 ++
On Fri, Mar 7, 2025 at 5:44 PM Mateusz Guzik wrote:
>
> On Fri, Mar 7, 2025 at 5:42 PM Al Viro wrote:
> > Not a good way to handle that, IMO.
> >
> > Atomics do hurt there, but they are only plastering over the real
> > problem - names formed in one thread, inserted into audit context
> > there a
On 2025-03-07 15:52, Jan Kara wrote:
> On Thu 06-03-25 20:12:23, Richard Guy Briggs wrote:
> > On 2025-03-06 16:06, Jan Kara wrote:
> > > On Wed 05-03-25 16:33:19, Richard Guy Briggs wrote:
> > > > When no audit rules are in place, fanotify event results are
> > > > unconditionally dropped due to a
Hello,
When deployment of a new IPE policy fails, there is no audit trail.
The failure is written to stderr, but not to the system log. So,
users of IPE require a way to identify when and why an operation fails,
allowing them to both respond to violations of policy and be notified
of potentially m
The Linux audit system includes LSM based security "context" information
in its events. Historically, only one LSM that uses security contexts can
be active on a system. One of the few obstacles to allowing multiple LSM
support is the inability to report more than one security context in an
audit e
Replace the timestamp and serial number pair used in audit records
with a structure containing the two elements.
Signed-off-by: Casey Schaufler
---
kernel/audit.c | 17 +
kernel/audit.h | 13 +
kernel/auditsc.c | 22 +-
3 files changed, 27 inse
On Thursday, March 6, 2025 4:41:40 PM Eastern Standard Time Richard Guy Briggs wrote:
> On 2024-10-24 16:41, Paul Moore wrote:
> > On Oct 23, 2024 Richard Guy Briggs wrote:
> > > The move of the module sanity check to earlier skipped the audit
> > > logging
> > > call in the case of failure and t