Re: [PATCH v2 4/6] Audit: Add record for multiple task security contexts

2025-03-13 Thread Paul Moore
On March 12, 2025 7:51:36 PM Paul Moore wrote: On Mar 7, 2025 Casey Schaufler wrote: ... diff --git a/include/linux/security.h b/include/linux/security.h index 540894695c4b..79a9bf4a7cdd 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -168,6 +168,7 @@ struct lsm

Re: [PATCH v1] audit,module: restore audit logging in load failure case

2025-03-13 Thread Richard Guy Briggs
On 2025-03-07 14:41, Steve Grubb wrote:
> On Thursday, March 6, 2025 4:41:40 PM Eastern Standard Time Richard Guy Briggs wrote:
> > On 2024-10-24 16:41, Paul Moore wrote:
> > > On Oct 23, 2024 Richard Guy Briggs wrote:
> > > > The move of the module sanity check to earlier skipped the audit
> >

[PATCH v5 0/1] ipe: add errno field to IPE policy load auditing

2025-03-13 Thread Jasjiv Singh
Hello, When deployment of a new IPE policy fails, there is no audit trail. The failure is written to stderr, but not to the system log. So, users of IPE require a way to identify when and why an operation fails, allowing them to both respond to violations of policy and be notified of potentially m

[PATCH v5 1/1] ipe: add errno field to IPE policy load auditing

2025-03-13 Thread Jasjiv Singh
Users of IPE require a way to identify when and why an operation fails, allowing them to both respond to violations of policy and be notified of potentially malicious actions on their systems with respect to IPE. This patch introduces a new error field to the AUDIT_IPE_POLICY_LOAD event to log pol

Re: [PATCH v1 1/1] audit: Mark audit_log_vformat() with __printf() attribute

2025-03-13 Thread Andy Shevchenko
On Wed, Mar 12, 2025 at 04:16:36PM -0400, Paul Moore wrote:
> On Wed, Mar 12, 2025 at 4:02 PM Andy Shevchenko wrote:
> >
> > audit_log_vformat() is using printf() type of format, and compiler
> > is not happy about this:
> >
> > kernel/audit.c:1978:9: error: function ‘audit_log_vformat’ might be

[PATCH v2 1/1] audit: Mark audit_log_vformat() with __printf() attribute

2025-03-13 Thread Andy Shevchenko
audit_log_vformat() is using printf() type of format, and GCC compiler (Debian 14.2.0-17) is not happy about this:
kernel/audit.c:1978:9: error: function ‘audit_log_vformat’ might be a candidate for ‘gnu_printf’ format attribute [-Werror=suggest-attribute=format]
kernel/audit.c:1987:17: error: fu