Reported-by: Mauro Carvalho Chehab
Signed-off-by: Richard Guy Briggs
---
.../ABI/stable/procfs-audit_loginuid | 22 +--
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/Documentation/ABI/stable/procfs-audit_loginuid
b/Documentation/ABI/stable/procfs-
On 2021-04-01 09:57, Paul Moore wrote:
> On Thu, Apr 1, 2021 at 9:48 AM Mauro Carvalho Chehab
> wrote:
> > Em Thu, 18 Mar 2021 15:19:10 -0400
> > Richard Guy Briggs escreveu:
> > > Describe the /proc/PID/loginuid interface in Documentation/ABI/stable that
> >
On 2021-04-01 15:24, Phil Sutter wrote:
> On Fri, Mar 26, 2021 at 01:38:59PM -0400, Richard Guy Briggs wrote:
> > Reduce logging of nftables events to a level similar to iptables.
> > Restore the table field to list the table, adding the generation.
> >
> > Indicate the
On 2021-03-31 22:46, Pablo Neira Ayuso wrote:
> On Fri, Mar 26, 2021 at 01:38:59PM -0400, Richard Guy Briggs wrote:
> > @@ -8006,12 +7966,65 @@ static void nft_commit_notify(struct net *net, u32
> > portid)
> > WARN_ON_ONCE(!list_empty(&net->nft.notify_list));
On 2021-03-31 22:22, Pablo Neira Ayuso wrote:
> On Fri, Mar 26, 2021 at 01:38:59PM -0400, Richard Guy Briggs wrote:
> > Reduce logging of nftables events to a level similar to iptables.
> > Restore the table field to list the table, adding the generation.
> >
> >
://github.com/linux-audit/audit-kernel/issues/124
Signed-off-by: Richard Guy Briggs
---
Changelog:
v5:
(sorry for all the noise...)
- fix kbuild missing prototype warning in
nf_tables_commit_audit_{alloc,collect,log}()
v4:
- move nf_tables_commit_audit_log() before nf_tables_commit_release() [fw
://github.com/linux-audit/audit-kernel/issues/124
Signed-off-by: Richard Guy Briggs
---
Changelog:
v4:
- move nf_tables_commit_audit_log() before nf_tables_commit_release() [fw]
- move nft2audit_op[] from audit.h to nf_tables_api.c
v3:
- fix function braces, reduce parameter scope [pna]
- pre
On 2021-03-24 12:32, Paul Moore wrote:
> On Tue, Mar 23, 2021 at 4:05 PM Richard Guy Briggs wrote:
> >
> > Reduce logging of nftables events to a level similar to iptables.
> > Restore the table field to list the table, adding the generation.
> >
> > Indica
://github.com/linux-audit/audit-kernel/issues/124
Signed-off-by: Richard Guy Briggs
---
Changelog:
v3:
- fix function braces, reduce parameter scope
- pre-allocate nft_audit_data per table in step 1, bail on ENOMEM
v2:
- convert NFT ops to array indices in nft2audit_op[]
- use linux lists
- use
On 2021-03-22 23:57, Pablo Neira Ayuso wrote:
> On Mon, Mar 22, 2021 at 04:49:04PM -0400, Richard Guy Briggs wrote:
> > diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
> > index c1eb5cdb3033..42ba44890523 100644
> > --- a/net/netfilter/nf_table
://github.com/linux-audit/audit-kernel/issues/124
Signed-off-by: Richard Guy Briggs
---
Changelog
v2:
- convert NFT ops to array indices in nft2audit_op[]
- use linux lists
- use functions for each of collection and logging of audit data
---
include/linux/audit.h | 28 +++
net
"do { } while (0)" instead, and change a
> few more that were (void)0, for consistency.
>
> Signed-off-by: Arnd Bergmann
Acked-by: Richard Guy Briggs
> ---
> v2: convert two more macros
> ---
> kernel/audit.h | 12 ++--
> 1 file changed, 6 insertions(+)
On 2021-03-22 17:28, Arnd Bergmann wrote:
> On Mon, Mar 22, 2021 at 3:33 PM Richard Guy Briggs wrote:
> > > Change the macros to use the usual "do { } while (0)" instead, and change
> > > a
> > > few more that were (void)0, for consistency.
>
ut_tree(tree) do { } while (0)
> #define audit_tag_tree(old, new) -EINVAL
> #define audit_tree_path(rule) "" /* never called */
> #define audit_kill_trees(context) BUG()
> --
> 2.29.2
>
- RGB
--
Richard Guy Briggs
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635
On 2021-03-19 13:52, Phil Sutter wrote:
> On Thu, Mar 18, 2021 at 02:37:03PM -0400, Richard Guy Briggs wrote:
> > On 2021-03-18 17:30, Phil Sutter wrote:
> [...]
> > > Why did you leave the object-related logs in place? They should reappear
> > > at commit time
Describe the /proc/PID/loginuid interface in Documentation/ABI/stable that
was added 2005-02-01 by commit 1e2d1492e178 ("[PATCH] audit: handle
loginuid through proc")
Signed-off-by: Richard Guy Briggs
---
Documentation/ABI/stable/procfs-audit_loginuid | 15 +++
1 file c
Describe the /proc/PID/loginuid interface in Documentation/ABI/stable that
was added 2008-03-13 in commit 1e0bd7550ea9 ("[PATCH] export sessionid
alongside the loginuid in procfs")
Signed-off-by: Richard Guy Briggs
---
Documentation/ABI/stable/procfs-audit_loginuid | 12 ++
Add Documentation/ABI entries for audit interfaces in /proc/PID/ that have
been stable for more than a decade.
Richard Guy Briggs (2):
audit: document /proc/PID/loginuid
audit: document /proc/PID/sessionid
.../ABI/stable/procfs-audit_loginuid | 27 +++
1 file
On 2021-03-18 17:30, Phil Sutter wrote:
> Hi,
>
> On Thu, Mar 18, 2021 at 11:39:52AM -0400, Richard Guy Briggs wrote:
> > Reduce logging of nftables events to a level similar to iptables.
> > Restore the table field to list the table, adding the generation.
>
> Th
://github.com/linux-audit/audit-kernel/issues/124
Signed-off-by: Richard Guy Briggs
---
include/linux/audit.h | 29
net/netfilter/nf_tables_api.c | 132 +-
2 files changed, 78 insertions(+), 83 deletions(-)
diff --git a/include/linux/audit.h b
On 2021-03-18 11:48, Christian Brauner wrote:
> [+Cc Aleksa, the author of openat2()]
Ah! Thanks for pulling in Aleksa. I thought I caught everyone...
> and a comment below. :)
Same...
> On Wed, Mar 17, 2021 at 09:47:17PM -0400, Richard Guy Briggs wrote:
> > The openat2(2) sy
On 2021-03-18 11:52, Christian Brauner wrote:
> On Thu, Mar 18, 2021 at 11:48:45AM +0100, Christian Brauner wrote:
> > On Wed, Mar 17, 2021 at 09:47:17PM -0400, Richard Guy Briggs wrote:
> > > The openat2(2) syscall was added in kernel v5.6 with commit fddb5d430ad9
> > >
Describe the /proc/PID/loginuid interface in Documentation/ABI/stable that
was added 2008-03-13 in commit 1e0bd7550ea9 ("[PATCH] export sessionid
alongside the loginuid in procfs")
Signed-off-by: Richard Guy Briggs
---
Documentation/ABI/stable/procfs-audit_loginuid | 12 ++
Add Documentation/ABI entries for audit interfaces in /proc/PID/ that have
been stable for more than a decade.
Richard Guy Briggs (2):
audit: document /proc/PID/loginuid
audit: document /proc/PID/sessionid
.../ABI/stable/procfs-audit_loginuid | 27 +++
1 file
Describe the /proc/PID/loginuid interface in Documentation/ABI/stable that
was added 2005-02-01 by commit 1e2d1492e178 ("[PATCH] audit: handle
loginuid through proc")
Signed-off-by: Richard Guy Briggs
---
Documentation/ABI/stable/procfs-audit_loginuid | 15 +++
1 file c
Add files maintained by the audit subsystem.
Files from arch/*/*/*audit*.[ch] and arch/x86/include/asm/audit.h were not
added due to concern of the list not holding up over time. There exist
already exceptions that caused the need for this specificity.
Signed-off-by: Richard Guy Briggs
The openat2(2) syscall was added in kernel v5.6 with commit fddb5d430ad9
("open: introduce openat2(2) syscall")
Add the openat2(2) syscall to the audit syscall classifier.
See the github issue
https://github.com/linux-audit/audit-kernel/issues/67
Signed-off-by: Richard Guy Briggs
/tree/ghau-openat2
Supporting test case can be found in
https://github.com/linux-audit/audit-testsuite/pull/103
Richard Guy Briggs (2):
audit: add support for the openat2 syscall
audit: add OPENAT2 record to list how
arch/alpha/kernel/audit.c | 2 ++
arch/ia64/kernel/audit.c
fsgid=0
tty=ttyS0 ses=1 comm="openat2"
exe="/root/rgb/git/audit-testsuite/tests/syscalls_file/openat2"
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
key="testsuite-1616012933-bjAUcEPO"
Signed-off-by: Richard Guy Briggs
---
fs/open.c |
On 2021-03-12 14:15, Paul Moore wrote:
> On Thu, Mar 11, 2021 at 11:41 AM Richard Guy Briggs wrote:
> > Describe the /proc/PID/loginuid interface in Documentation/ABI/stable that
> > was added 2005-02-01 by commit 1e2d1492e178 ("[PATCH] audit: handle
> > loginuid through
On 2021-03-12 16:38, Paul Moore wrote:
> On Thu, Mar 11, 2021 at 11:41 AM Richard Guy Briggs wrote:
> > Add files maintained by the audit subsystem.
> >
> > Signed-off-by: Richard Guy Briggs
> > ---
> > MAINTAINERS | 4
> > 1 file changed, 4 insertion
Describe the /proc/PID/loginuid interface in Documentation/ABI/stable that
was added 2008-03-13 in commit 1e0bd7550ea9 ("[PATCH] export sessionid
alongside the loginuid in procfs")
Signed-off-by: Richard Guy Briggs
---
Documentation/ABI/stable/procfs-audit_loginuid | 12 ++
Add Documentation/ABI entries for audit interfaces in /proc/PID/ that have
been stable for more than a decade.
Richard Guy Briggs (2):
audit: document /proc/PID/loginuid
audit: document /proc/PID/sessionid
.../ABI/stable/procfs-audit_loginuid | 27 +++
1 file
Describe the /proc/PID/loginuid interface in Documentation/ABI/stable that
was added 2005-02-01 by commit 1e2d1492e178 ("[PATCH] audit: handle
loginuid through proc")
Signed-off-by: Richard Guy Briggs
---
Documentation/ABI/stable/procfs-audit_loginuid | 15 +++
1 file c
Add files maintained by the audit subsystem.
Signed-off-by: Richard Guy Briggs
---
MAINTAINERS | 4
1 file changed, 4 insertions(+)
diff --git a/MAINTAINERS b/MAINTAINERS
index 6eff4f720c72..a17532559665 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -3015,9 +3015,13 @@ L: linux-au
Remove the list parameter from the function call since the exit filter
list is the only remaining list used by this function.
This cleans up commit 5260ecc2e048
("audit: deprecate the AUDIT_FILTER_ENTRY filter")
Signed-off-by: Richard Guy Briggs
---
kernel/auditsc.c | 11 -
On 2021-02-19 01:26, Richard Guy Briggs wrote:
> On 2021-02-18 23:42, Florian Westphal wrote:
> > Richard Guy Briggs wrote:
> > > > If they appear in a batch they will be ignored, if the batch consists of
> > > > such non-modifying ops only then nf_tables_commi
On 2021-02-18 23:42, Florian Westphal wrote:
> Richard Guy Briggs wrote:
> > > If they appear in a batch they will be ignored, if the batch consists of
> > > such non-modifying ops only then nf_tables_commit() returns early
> > > because the transaction list
On 2021-02-18 13:52, Florian Westphal wrote:
> Richard Guy Briggs wrote:
> > On 2021-02-18 09:22, Florian Westphal wrote:
> > > > It seems I'd need to filter out the NFT_MSG_GET_* ops.
> > >
> > > No need, the GET ops do not cause changes and w
On 2021-02-18 13:52, Florian Westphal wrote:
> Richard Guy Briggs wrote:
> > On 2021-02-18 09:22, Florian Westphal wrote:
> > > No. There is a hierarchy, e.g. you can't add a chain without first
> > > adding a table, BUT in case the table was already created by
On 2021-02-18 09:22, Florian Westphal wrote:
> Richard Guy Briggs wrote:
> > On 2021-02-11 23:09, Florian Westphal wrote:
> > > So, if just a summary is needed a single audit_log_nfcfg()
> > > after 'step 3' and outside of the list_for_each_entry_safe() is
On 2021-02-11 23:09, Florian Westphal wrote:
> Richard Guy Briggs wrote:
> > > > I personally would notify once per transaction. This is easy and quick.
> >
> > This was the goal. iptables was atomic. nftables appears to no longer
> > be so. If I have this
is the most common
> place for a change notification. In nftables, the most common one is
> generation dump - all tables are treated as elements of the same
> ruleset, not individually like in xtables.
>
> Richard, assuming the above is correct, are you fine with reducing
> nftable
On 2021-02-11 15:26, Richard Guy Briggs wrote:
> On 2021-02-11 11:29, Paul Moore wrote:
> > On Thu, Feb 11, 2021 at 10:16 AM Phil Sutter wrote:
> > > Hi,
> > >
> > > On Thu, Jun 04, 2020 at 09:20:49AM -0400, Richard Guy Briggs wrote:
> > > > i
On 2021-02-11 11:29, Paul Moore wrote:
> On Thu, Feb 11, 2021 at 10:16 AM Phil Sutter wrote:
> > Hi,
> >
> > On Thu, Jun 04, 2020 at 09:20:49AM -0400, Richard Guy Briggs wrote:
> > > iptables, ip6tables, arptables and ebtables table registration,
> > > repla
On 2021-01-26 10:58, Casey Schaufler wrote:
> On 1/26/2021 10:42 AM, Richard Guy Briggs wrote:
> > On 2021-01-26 08:41, Casey Schaufler wrote:
> >> Standalone audit records have the timestamp and serial number generated
> >> on the fly and as such are unique, making
it: deprecate the
AUDIT_FILTER_ENTRY filter")
Might as well also amend the function comment block to remove the
reference to syscall entry since that is no longer relevant.
> Signed-off-by: Yang Yang
Reviewed-by: Richard Guy Briggs
> ---
> kernel/auditsc.c | 8
> 1 file cha
a standalone record and its auxiliary record(s). The
> context is discarded immediately after the local associated records are
> produced.
>
> Signed-off-by: Richard Guy Briggs
> Signed-off-by: Casey Schaufler
> Cc: linux-au...@redhat.com
> To: Richard Guy Briggs
This has been
to reflect the new record request and reply type.
An older userspace won't break since it won't know to request this
record type.
Signed-off-by: Richard Guy Briggs
---
Acks from nhorman/omosnace should have been added in v6.
Acks dropped due to restructure audit_sig_info2 for nesting
amespace B. An
event happens in network namespace B:
type=NETFILTER_PKT ...
type=CONTAINER_ID msg=audit(:): contid=2,^1,3,^1
Signed-off-by: Richard Guy Briggs
---
kernel/audit.c | 75 +-
1 file changed, 62 insertions(+), 13 deletions(-)
diff
ned-off-by: Richard Guy Briggs
---
.../ABI/testing/procfs-audit_containerid | 16 +
fs/proc/base.c| 54 +++
include/linux/audit.h | 4 +-
include/uapi/linux/audit.h| 1 +
kern
ee the github audit wiki for the feature overview:
https://github.com/linux-audit/audit-kernel/wiki/RFE-Audit-Container-ID
Signed-off-by: Richard Guy Briggs
---
Acks removed due to redo rcu/spin locking:
Acked-by: Neil Horman
Reviewed-by: Ondrej Mosnacek
---
include/linux/audit.h| 17 +++
k
orchestrator as the one that set it so it is not
possible to change the contid of another orchestrator's container.
Since the task_is_descendant() function is used in YAMA and in audit,
remove the duplication and pull the function into kernel/core/sched.c
Signed-off-by: Richard Guy B
audit testsuite issue for the test case:
https://github.com/linux-audit/audit-testsuite/issues/64
Please see the github audit wiki for the feature overview:
https://github.com/linux-audit/audit-kernel/wiki/RFE-Audit-Container-ID
Signed-off-by: Richard Guy Briggs
Acked-by: Serge Hallyn
Acked-by
ked by timestamp and serial.
Signed-off-by: Richard Guy Briggs
Acked-by: Serge Hallyn
Acked-by: Neil Horman
Reviewed-by: Ondrej Mosnacek
---
include/linux/audit.h | 8
kernel/audit.h| 1 +
kernel/auditsc.c | 31 ++-
3 files changed, 35 insert
Add audit container identifier auxiliary record to user event standalone
records.
Signed-off-by: Richard Guy Briggs
Acked-by: Neil Horman
Reviewed-by: Ondrej Mosnacek
---
kernel/audit.c | 12 +---
1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/kernel/audit.c b/kernel
nux-audit/audit-userspace/issues/51
Please see the github audit testsuite issue for the test case:
https://github.com/linux-audit/audit-testsuite/issues/64
Please see the github audit wiki for the feature overview:
https://github.com/linux-audit/audit-kernel/wiki/RFE-Audit-Container-ID
S
issue for the test case:
https://github.com/linux-audit/audit-testsuite/issues/64
Please see the github audit wiki for the feature overview:
https://github.com/linux-audit/audit-kernel/wiki/RFE-Audit-Container-ID
Signed-off-by: Richard Guy Briggs
---
Acks dropped due to log drop added 7.3, r
nel/issues/90
Signed-off-by: Richard Guy Briggs
---
Acks removed due to significant code changes hiding audit task struct:
Acked-by: Neil Horman
Reviewed-by: Ondrej Mosnacek
---
fs/io-wq.c| 8 +--
fs/io_uring.c | 16 ++---
include/linux/audit.h | 49 +-
inc
ainerid to contid
- convert initial container record to syscall aux
- fix spelling mistake of contidion in net/rfkill/core.c to avoid contid name
collision
v2
- add check for children and threads
- add network namespace container identifier list
- add NETFILTER_PKT audit container identifier logging
On 2020-12-21 12:14, Paul Moore wrote:
> On Mon, Dec 21, 2020 at 11:57 AM Richard Guy Briggs wrote:
> >
> > The audit-related parameters in struct task_struct should ideally be
> > collected together and accessed through a standard audit API and the audit
> > stru
-audit/audit-userspace/issues/51
See: https://github.com/linux-audit/audit-kernel/issues/90
See: https://github.com/linux-audit/audit-testsuite/issues/64
See: https://github.com/linux-audit/audit-kernel/wiki/RFE-Audit-Container-ID
Signed-off-by: Richard Guy Briggs
---
lib/libaudit.h | 4
lib
See: https://github.com/linux-audit/audit-kernel/wiki/RFE-Audit-Container-ID
Add the audit_get_capcontid() and audit_set_capcontid() calls analogous
to CAP_AUDIT_CONTROL for descendant user namespaces.
Signed-off-by: Richard Guy Briggs
---
auparse/normalize.c| 1 +
auparse
:18.746:1690) :
contid=777,666,333
Signed-off-by: Richard Guy Briggs
---
src/ausearch-report.c | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/ausearch-report.c b/src/ausearch-report.c
index 416c2b13fa6a..754b28af2cb6 100644
--- a/src/ausearch-report.c
+++ b/src
Now that the kernel is able to track container nesting ("audit: track
container nesting"), convert the ausearch internals to parse and track
the compound list of contids stored in their native u64 format for
faster and more efficient processing.
Signed-off-by: Richard Guy Briggs
Add support to ausearch for searching on the containerid field in
records.
Signed-off-by: Richard Guy Briggs
---
src/aureport-options.c | 1 +
src/ausearch-llist.c | 2 ++
src/ausearch-llist.h | 1 +
src/ausearch-match.c | 3 +++
src/ausearch-options.c | 48
;
uint64_t cid;
char ctx[];
};
Signed-off-by: Richard Guy Briggs
---
auparse/auditd-config.c | 1 +
docs/audit_request_signal_info.3 | 15 -
lib/libaudit.c | 56 +++-
lib/libaudit.h | 16
Signed-off-by: Richard Guy Briggs
---
auparse/auparse-defs.h | 3 ++-
auparse/interpret.c | 10 ++
auparse/normalize_record_map.h | 2 ++
auparse/typetab.h| 2 ++
bindings/python/auparse_python.c | 1 +
5 files changed, 17 insertions(+), 1
Add the audit_get_containerid() call analogous to audit_getloginuid()
and audit_get_session() calls to get our own audit container identifier.
This is intended as a debug patch, not to be upstreamed.
Signed-off-by: Richard Guy Briggs
---
docs/Makefile.am | 2 +-
docs
Signed-off-by: Richard Guy Briggs
---
src/auditd-event.c| 20 +++-
src/auditd-reconfig.c | 2 --
2 files changed, 15 insertions(+), 7 deletions(-)
diff --git a/src/auditd-event.c b/src/auditd-event.c
index e6b2a961f02b..800f4d83bc83 100644
--- a/src/auditd-event.c
+++ b/src
tion.
See: https://github.com/linux-audit/audit-userspace/issues/40
See: https://github.com/linux-audit/audit-kernel/issues/91
See: https://github.com/linux-audit/audit-testsuite/issues/64
See: https://github.com/linux-audit/audit-kernel/wiki/RFE-Audit-Container-ID
Signed-off-by: Richard Guy Briggs
/90
See: https://github.com/linux-audit/audit-testsuite/issues/64
See: https://github.com/linux-audit/audit-kernel/wiki/RFE-Audit-Container-ID
Signed-off-by: Richard Guy Briggs
---
lib/libaudit.h| 4
lib/msg_typetab.h | 1 +
2 files changed, 5 insertions(+)
diff --git a/lib/libaudit.h b
AUDIT_CONTAINER, AUDIT_CONTAINER_INFO, ausearch,
normalization
Richard Guy Briggs (11):
AUDIT_CONTAINER_OP message type basic support
AUDIT_CONTAINER_ID message type basic support
auditctl: add support for AUDIT_CONTID filter
add ausearch containerid support
start normalization containerid sup
ned-off-by: Richard Guy Briggs
---
.../ABI/testing/procfs-audit_containerid | 16 +
fs/proc/base.c| 54 +++
include/linux/audit.h | 4 +-
include/uapi/linux/audit.h| 1 +
kern
amespace B. An
event happens in network namespace B:
type=NETFILTER_PKT ...
type=CONTAINER_ID msg=audit(:): contid=2,^1,3,^1
Signed-off-by: Richard Guy Briggs
---
kernel/audit.c | 75 +-
1 file changed, 62 insertions(+), 13 deletions(-)
diff
orchestrator as the one that set it so it is not
possible to change the contid of another orchestrator's container.
Since the task_is_descendant() function is used in YAMA and in audit,
remove the duplication and pull the function into kernel/core/sched.c
Signed-off-by: Richard Guy B
://github.com/linux-audit/audit-kernel/wiki/RFE-Audit-Container-ID
Signed-off-by: Richard Guy Briggs
Acked-by: Neil Horman
Reviewed-by: Ondrej Mosnacek
---
include/linux/audit.h| 17 +++
kernel/audit.c | 229 ++-
kernel/nsproxy.c | 4 +
net
audit testsuite issue for the test case:
https://github.com/linux-audit/audit-testsuite/issues/64
Please see the github audit wiki for the feature overview:
https://github.com/linux-audit/audit-kernel/wiki/RFE-Audit-Container-ID
Signed-off-by: Richard Guy Briggs
Acked-by: Serge Hallyn
Acked-by
Add audit container identifier auxiliary record to user event standalone
records.
Signed-off-by: Richard Guy Briggs
Acked-by: Neil Horman
Reviewed-by: Ondrej Mosnacek
---
kernel/audit.c | 12 +---
1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/kernel/audit.c b/kernel
ked by timestamp and serial.
Signed-off-by: Richard Guy Briggs
Acked-by: Serge Hallyn
Acked-by: Neil Horman
Reviewed-by: Ondrej Mosnacek
---
include/linux/audit.h | 8
kernel/audit.h| 1 +
kernel/auditsc.c | 31 ++-
3 files changed, 35 insert
the github audit testsuite issue for the test case:
https://github.com/linux-audit/audit-testsuite/issues/64
Please see the github audit wiki for the feature overview:
https://github.com/linux-audit/audit-kernel/wiki/RFE-Audit-Container-ID
Signed-off-by: Richard Guy Briggs
Acked-by: Serge
to reflect the new record request and reply type.
An older userspace won't break since it won't know to request this
record type.
Signed-off-by: Richard Guy Briggs
---
include/linux/audit.h | 7 +++
include/uapi/linux/audit.h | 1 +
kernel/audit.c
udit-userspace/issues/51
Please see the github audit testsuite issue for the test case:
https://github.com/linux-audit/audit-testsuite/issues/64
Please see the github audit wiki for the feature overview:
https://github.com/linux-audit/audit-kernel/wiki/RFE-Audit-Container-ID
Signed-off-by: Ri
nel/issues/90
Signed-off-by: Richard Guy Briggs
Acked-by: Neil Horman
Reviewed-by: Ondrej Mosnacek
---
fs/io-wq.c| 8 +--
fs/io_uring.c | 16 ++---
include/linux/audit.h | 49 +-
include/linux/sched.h | 7 +-
init/init_task.c | 3 +-
init/main.c
of container list functions
- rename containerid to contid
- convert initial container record to syscall aux
- fix spelling mistake of contidion in net/rfkill/core.c to avoid contid name
collision
v2
- add check for children and threads
- add network namespace container identifier list
- add NET
oldloginuid = from_kuid(&init_user_ns, koldloginuid);
> - loginuid = from_kuid(&init_user_ns, kloginuid),
> + loginuid = from_kuid(&init_user_ns, kloginuid);
Nice catch. That went unnoticed through 3 patches, the last two mine...
Not quite sure why no compiler complained abou
Hey Gonsolo,
It’s a pleasure to e-meet you.
My name is Guy and I’ll do my best to promote your issue.
We will probably need more information in order to make sure this issue is
assigned to the relevant engineer at Intel,
To make sure your issue gets the proper attention and prioritized
kernel/auditsc.c:82:0: warning: macro "AUDITSC_INVALID" is not used
> [-Wunused-macros]
>
> AUDIT_UNINITIALIZED and AUDITSC_INVALID are still meaningful and could
> be used in code.
"and should be incorporated"
> Just remove AUDIT_AUX_IPCPERM.
>
> Thank
On 2020-11-10 21:47, Paul Moore wrote:
> On Tue, Nov 10, 2020 at 10:23 AM Richard Guy Briggs wrote:
> > On 2020-11-06 16:31, Alex Shi wrote:
> > > Some unused macros could cause gcc warning:
> > > kernel/audit.c:68:0: warning: macro "AUDIT_UNINITIALIZED"
13
("AUDIT: Add message types to audit records")
Introduced here:
8e633c3fb2a2 David Woodhouse 2005-03-01
("Audit IPC object owner/permission changes.")
I agree, remove it.
> /* Number of target pids per aux struct. */
> #define AUDIT_AUX_PIDS 16
>
On 2020-10-22 21:21, Paul Moore wrote:
> On Wed, Oct 21, 2020 at 12:39 PM Richard Guy Briggs wrote:
> > Here is an example I was able to generate after updating the testsuite
> > script to include a signalling example of a nested audit container
> > identifier:
> >
>
On 2020-10-21 12:49, Steve Grubb wrote:
> On Wednesday, October 21, 2020 12:39:26 PM EDT Richard Guy Briggs wrote:
> > > I think I have a way to generate a signal to multiple targets in one
> > > syscall... The added challenge is to also give those targets different
On 2020-10-02 15:52, Richard Guy Briggs wrote:
> On 2020-08-21 15:15, Paul Moore wrote:
> > On Wed, Jul 29, 2020 at 3:41 PM Richard Guy Briggs wrote:
> > > On 2020-07-05 11:10, Paul Moore wrote:
> > > > On Sat, Jun 27, 2020 at 9:22 AM Rich
On 2020-08-21 16:13, Paul Moore wrote:
> On Fri, Aug 7, 2020 at 1:10 PM Richard Guy Briggs wrote:
> > On 2020-07-05 11:11, Paul Moore wrote:
> > > On Sat, Jun 27, 2020 at 9:23 AM Richard Guy Briggs
> > > wrote:
> > > > Require the target t
On 2020-08-21 15:15, Paul Moore wrote:
> On Wed, Jul 29, 2020 at 3:41 PM Richard Guy Briggs wrote:
> > On 2020-07-05 11:10, Paul Moore wrote:
> > > On Sat, Jun 27, 2020 at 9:22 AM Richard Guy Briggs
> > > wrote:
>
> ...
>
> > > > diff --git a/k
On 2020-08-21 14:48, Paul Moore wrote:
> On Wed, Jul 29, 2020 at 3:00 PM Richard Guy Briggs wrote:
> > On 2020-07-05 11:10, Paul Moore wrote:
> > > On Sat, Jun 27, 2020 at 9:22 AM Richard Guy Briggs
> > > wrote:
> > > >
> > > > Add audit conta
On 2020-09-23 10:29, Paul Moore wrote:
> On Tue, Sep 22, 2020 at 8:45 AM Richard Guy Briggs wrote:
> >
> > When there are no audit rules registered, mandatory records (config,
> > etc.) are missing their accompanying records (syscall, proctitle, etc.).
> >
> > T
-off-by: Richard Guy Briggs
---
Changelog:
v5:
- open code audit_clear_dummy() in audit_log_start()
- fix check for ctx->pwd in audit_log_name()
- open code _audit_getcwd() contents in audit_alloc_name()
- ditch all *audit_getcwd() calls
v4:
- resubmit after revert
v3:
- initialize fds[0] t
On 2020-09-21 19:31, Paul Moore wrote:
> On Mon, Sep 21, 2020 at 3:57 PM Richard Guy Briggs wrote:
> > On 2020-09-15 12:18, Paul Moore wrote:
> > > On Thu, Sep 10, 2020 at 11:03 AM Richard Guy Briggs
> > > wrote:
> > > >
> > > > When the
On 2020-09-15 12:18, Paul Moore wrote:
> On Thu, Sep 10, 2020 at 11:03 AM Richard Guy Briggs wrote:
> >
> > When there are no audit rules registered, mandatory records (config,
> > etc.) are missing their accompanying records (syscall, proctitle, etc.).
> >
> > T