Re: [RFC PATCH v1 0/7] Landlock audit support

2023-09-26 Thread Günther Noack
Hi Mickaël!

On Thu, Sep 21, 2023 at 08:16:34AM +0200, Mickaël Salaün wrote:
> This patch series adds basic audit support to Landlock for most actions.
> Logging denied requests is useful for different use cases:
> * app developers: to ease and speed up sandboxing support
> * power users: to unders

Re: [PATCH v7 01/28] lsm: Add audit_log_lsm_data() helper

2025-03-25 Thread Günther Noack
; + audit_log_format(ab, " pid=%d comm=", task_tgid_nr(current)); > + audit_log_untrustedstring(ab, get_task_comm(comm, current)); > + audit_log_lsm_data(ab, a); > +} > + > /** > * common_lsm_audit - generic LSM auditing function > * @a: auxiliary audit data > -- > 2.49.0 > Reviewed-by: Günther Noack

Re: [PATCH v7 03/28] landlock: Move domain hierarchy management

2025-03-25 Thread Günther Noack
On Thu, Mar 20, 2025 at 08:06:52PM +0100, Mickaël Salaün wrote:
> Create a new domain.h file containing the struct landlock_hierarchy
> definition and helpers. This type will grow with audit support. This
> also prepares for a new domain type.
>
> Cc: Günther Noack
> Sign

Re: [PATCH v5 02/24] landlock: Add unique ID generator

2025-03-07 Thread Günther Noack
On Fri, Jan 31, 2025 at 05:30:37PM +0100, Mickaël Salaün wrote: > --- /dev/null > +++ b/security/landlock/id.c > +static atomic64_t next_id = ATOMIC64_INIT(COUNTER_PRE_INIT); > + > +static void __init init_id(atomic64_t *const counter, const u32 > random_32bits) > +{ > + u64 init; > + > +

Re: [PATCH v5 00/24] Landlock audit support

2025-02-22 Thread Günther Noack
On Fri, Jan 31, 2025 at 05:30:35PM +0100, Mickaël Salaün wrote:
> Hi,
>
> This patch series adds audit support to Landlock.
>
> Logging denied requests is useful for different use cases:
> - sysadmins: to look for users' issues,
> - security experts: to detect attack attempts,
> - power users: to