M and would be simply ignored by SELinux. I went over
all the security_locked_down() call in the kernel and I think this
alternative hook could also fit better in arch/powerpc/xmon/xmon.c,
where it seems to be called from interrupt context (so task creds are
irrelevant, anyway...) and mainly
commit 66f8e2f03c02 ("selinux: sidtab reverse
lookup hash table") with a different mechanism, which AFAICT doesn't
have the same issue.
If that's really it, it will likely be *very* hard to reproduce, so
you may be unable to verify the fix.
--
Ondrej Mosnacek
Software Engineer, Linux Security - SELinux kernel
Red Hat, Inc.
The following commit has been merged into the perf/core branch of tip:
Commit-ID: 08ef1af4de5fe7de9c6d69f1e22e51b66e385d9b
Gitweb:
https://git.kernel.org/tip/08ef1af4de5fe7de9c6d69f1e22e51b66e385d9b
Author:Ondrej Mosnacek
AuthorDate:Wed, 24 Feb 2021 22:56:28 +01:00
On Sat, Feb 27, 2021 at 3:35 AM Hillf Danton wrote:
> On Fri, 26 Feb 2021 12:19:35 +0100 Ondrej Mosnacek wrote:
> > On Fri, Feb 26, 2021 at 5:08 AM Hillf Danton wrote:
> > > On Thu, 25 Feb 2021 20:06:45 -0500 Paul Moore wrote:
> > > > On Wed, Feb 24, 2
On Sun, Feb 28, 2021 at 8:21 PM Paul Moore wrote:
> On Fri, Feb 26, 2021 at 6:12 AM Ondrej Mosnacek wrote:
> > On Fri, Feb 26, 2021 at 2:07 AM Paul Moore wrote:
> > > On Wed, Feb 24, 2021 at 4:35 AM Ondrej Mosnacek
> > > wrote:
> > > > After the switc
On Fri, Feb 26, 2021 at 5:08 AM Hillf Danton wrote:
> On Thu, 25 Feb 2021 20:06:45 -0500 Paul Moore wrote:
> > On Wed, Feb 24, 2021 at 4:35 AM Ondrej Mosnacek wrote:
> > > After the switch to RCU, we now have:
> > > 1. Start live conversion of new entries.
> &
On Fri, Feb 26, 2021 at 2:07 AM Paul Moore wrote:
> On Wed, Feb 24, 2021 at 4:35 AM Ondrej Mosnacek wrote:
> > After the switch to RCU, we now have:
> > 1. Start live conversion of new entries.
> > 2. Convert existing entries.
> > 3. RCU-assign the new poli
On Wed, Feb 24, 2021 at 3:43 PM Tyler Hicks wrote:
> On 2021-02-24 10:33:46, Ondrej Mosnacek wrote:
> > On Tue, Feb 23, 2021 at 11:37 PM Tyler Hicks
> > wrote:
> > > On 2021-02-23 15:50:56, Tyler Hicks wrote:
> > > > On 2021-02-23 15:43:48, Tyler Hicks wrote
generates a bogus permission check and audit record.
Fix this by checking sample_type first and only calling the hook when
its result would be honored.
Fixes: b0c8fdc7fdb7 ("lockdown: Lock down perf when in confidentiality mode")
Signed-off-by: Ondrej Mosnacek
---
kernel/events/core.
n sync while they
are both available (more complicated and with possible tricky
implications of different interpretations of contexts by the two
policies).
[1] 1b8b31a2e612 ("selinux: convert policy read-write lock to RCU")
--
Ondrej Mosnacek
Software Engineer, Linux Security - SELinux kernel
Red Hat, Inc.
shouldn't be
implemented like this.
> default
> "lockdown,yama,loadpin,safesetid,integrity,smack,selinux,tomoyo,apparmor,bpf"
> if DEFAULT_SECURITY_SMACK
> default
> "lockdown,yama,loadpin,safesetid,integrity,apparmor,selinux,smack,tomoyo,bpf"
> if DEFA
- will create a perf.data file you can analyze later
perf record -a -e avc:selinux_audited -g --call-graph=dwarf sleep infinity
# dump all collected backtraces from the perf.data file
perf script
It's a bit complicated if you want to have it running in the
background permanently as a se
{
> if [ "$EXPECT_SCRIPT" != "" ]; then
> rm $EXPECT_SCRIPT
> fi
> }
> trap cleanup EXIT
>
> EXPECT_SCRIPT=`mktemp`
> cat > $EXPECT_SCRIPT < spawn sh ./SEND
> expect {
> "Send this email" { sleep
sponsibility to adapt to the newly added code when/if I rebase
and respin my patch.
>
> > + for (i = 0; i < __POLICYDB_CAPABILITY_MAX; i++) {
> > + curr += snprintf((buf + curr), (buf_len - curr), str_fmt,
> > +selinux_policycap_names[i],
> > +state->policycap[i]);
>
> Ditto.
>
--
Ondrej Mosnacek
Software Engineer, Platform Security - SELinux kernel
Red Hat, Inc.
ay to first
get the decision value and only trigger the auditing when it was
actually used in the decision, so in complex scenarios like this the
caller needs to jump through some hoops to avoid such false-positive
denial records.
--
Ondrej Mosnacek
Software Engineer, Platform Security - SELinux kernel
Red Hat, Inc.
dc00
> FS: 7f292d4ef700() GS:8880ae90() knlGS:
> CS: 0010 DS: ES: CR0: 80050033
> CR2: 7fef820e7000 CR3: 937fd000 CR4: 001506e0
> DR0: DR1: DR2:
> DR3: DR6: fffe0ff0 DR7: 0400
>
--
Ondrej Mosnacek
Software Engineer, Platform Security - SELinux kernel
Red Hat, Inc.
y load and converting the policy rwlock to RCU.
Yeah, and I'm experimenting with a patch on top of Stephen's RCU work
that would allow you to do this in a straightforward way without even
messing with the fsi->mutex. My patch may or may not be eventually
committed, but either way I'd recommend holding off on this for a
while until the dust settles around the RCU conversion.
--
Ondrej Mosnacek
Software Engineer, Platform Security - SELinux kernel
Red Hat, Inc.
On Fri, Jun 19, 2020 at 3:13 PM KP Singh wrote:
> Hi,
>
> On Fri, Jun 19, 2020 at 2:49 PM Ondrej Mosnacek wrote:
> >
> > On Wed, May 20, 2020 at 2:56 PM KP Singh wrote:
> > > From: KP Singh
> > >
> > > secid_to_secctx is not stackable, and since
nters, or (if you really really need to do some state
updates/logging in those hooks) use wrapper functions that will call
the BPF progs via a simplified interface so that they cannot cause
unsafe behavior.
--
Ondrej Mosnacek
Software Engineer, Platform Security - SELinux kernel
Red Hat, Inc.
undant. Instead just return the error code.
>
> Fixes: 60abd3181db2 ("selinux: convert cond_list to array")
>
> Signed-off-by: Tom Rix
Reviewed-by: Ondrej Mosnacek
Thanks!
--
Ondrej Mosnacek
Software Engineer, Platform Security - SELinux kernel
Red Hat, Inc.
is usually sorted out based on the context of the patch, and if
> needed, a discussion on-list.
Yes, it is normally not necessary, but I wouldn't discourage people
from providing the info if they want to / are used to do that. It can
be really useful in some situations, especially in case of
cross-subsystem changes that are sent to many mailing lists. But of
course this information belongs either to the cover letter or in case
of single patches to the "informational" section between "---" and
"diff --git [...]".
--
Ondrej Mosnacek
Software Engineer, Platform Security - SELinux kernel
Red Hat, Inc.
eturn rc;
> rc = cond_read_av_list(p, fp, &node->false_list, &node->true_list);
> - if (rc)
> - goto err;
> - return 0;
> -err:
> - cond_node_destroy(node);
> return rc;
Also here you can skip the rc assignment:
c" in the error path, can you please
replace all the gotos with plain return statements? And please also
add a Fixes: tag pointing to the commit that introduced the bug (see
Stephen's reply).
Thanks,
--
Ondrej Mosnacek
Software Engineer, Platform Security - SELinux kernel
Red Hat, Inc.
nge either, I just
wanted to state my opinion in case my reply to the syzbot report [1]
gave the impression that I considered the "misattribution" as
something that needs to be fixed :)
[1]
https://lore.kernel.org/selinux/CAFqZXNvf+oJs9u4H97u7=jtl2wo_hkf4nzdzjld7tnc_j0k...@mail.gmail.com/
--
Ondrej Mosnacek
Software Engineer, Security Technologies
Red Hat, Inc.
;
>
> ---
> This bug is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzkal...@googlegroups.com.
>
> syzbot will keep track of this bug report. See:
> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
> syzbot can test patches for this bug, for details see:
> https://goo.gl/tpsmEJ#testing-patches
>
--
Ondrej Mosnacek
Software Engineer, Security Technologies
Red Hat, Inc.
On Tue, Jul 23, 2019 at 4:54 PM Jann Horn wrote:
> On Mon, Jul 22, 2019 at 3:44 PM Ondrej Mosnacek wrote:
> > On Mon, Jul 22, 2019 at 1:35 PM NitinGote wrote:
> > > refcount_t type and corresponding API should be
> > > used instead of atomic_t when the variable i
> + refcount_set(¶ms->target->count, count);
>
> /* enable live convert of new entries */
> s->convert = params;
> diff --git a/security/selinux/ss/sidtab.h b/security/selinux/ss/sidtab.h
> index bbd5c0d1f3bd..68dd96a5beba 100644
> --- a/security/selinux/ss/sidtab.h
> +++ b/security/selinux/ss/sidtab.h
> @@ -70,7 +70,7 @@ struct sidtab_convert_params {
>
> struct sidtab {
> union sidtab_entry_inner roots[SIDTAB_MAX_LEVEL + 1];
> - atomic_t count;
> + refcount_t count;
> struct sidtab_convert_params *convert;
> spinlock_t lock;
>
> --
> 2.17.1
>
Thanks,
--
Ondrej Mosnacek
Software Engineer, Security Technologies
Red Hat, Inc.
ang
> Fixes: 99dbbb593fe6 ("selinux: rewrite selinux_sb_eat_lsm_opts()")
My comments about the subject and an empty line before label apply
here as well, but Paul can fix both easily when applying, so:
Reviewed-by: Ondrej Mosnacek
> ---
> diff --git a/security/selinux/hooks.c b/
uot;lsm: " from the subject - it is redundant
and doesn't follow the SELinux convention. See `git log --oneline --
security/selinux/` for what the subjects usually look like - mostly we
just go with "selinux: " (or "LSM: " when
the changes affect the shared LSM inter
On Sat, Jun 1, 2019 at 4:15 AM Gen Zhang wrote:
> In selinux_sb_eat_lsm_opts(), 'arg' is allocated by kmemdup_nul(). It
> returns NULL when fails. So 'arg' should be checked. And 'mnt_opts'
> should be freed when error.
>
> Signed-off-by: Gen Z
On Sat, Jun 1, 2019 at 4:15 AM Gen Zhang wrote:
> In selinux_sb_eat_lsm_opts(), 'arg' is allocated by kmemdup_nul(). It
> returns NULL when fails. So 'arg' should be checked. And 'mnt_opts'
> should be freed when error.
>
> Signed-off-by: Gen Zhang
&
NOMEM;
> }
> rc = selinux_add_opt(token, arg, mnt_opts);
> if (unlikely(rc)) {
Looking at the callers of security_sb_eat_lsm_opts() (which is the
function that eventually calls the selinux_sb_eat_lsm_opts() hook),
-ENOMEM
val = kmemdup_nul(val, len, GFP_KERNEL);
> + if (!val)
> + return -ENOMEM;
There is one extra tab character in the above three lines ^^^
> + }
> rc = selinux_add_opt(token, val, mnt_opts);
> if (unlikely(rc)) {
&g
}
> rc = selinux_add_opt(token, arg, mnt_opts);
> if (unlikely(rc)) {
--
Ondrej Mosnacek
Software Engineer, Security Technologies
Red Hat, Inc.
On Thu, Apr 18, 2019 at 11:07 AM Thomas Gleixner wrote:
> On Thu, 18 Apr 2019, Miroslav Lichvar wrote:
> > On Wed, Apr 17, 2019 at 11:00:23AM +0200, Ondrej Mosnacek wrote:
> > > On Wed, Apr 17, 2019 at 10:48 AM Miroslav Lichvar
> > > wrote:
> > > > Chang
it back to the initial value.
>
> Cc: Thomas Gleixner
> Cc: John Stultz
> Cc: Richard Cochran
> Cc: Prarit Bhargava
> Suggested-by: Ondrej Mosnacek
> Signed-off-by: Miroslav Lichvar
Thanks for sending the patch! Maybe you (or the committer) could
consider adding:
Fixes: 153
On Mon, Apr 8, 2019 at 10:47 AM Ondrej Mosnacek wrote:
> Hello,
>
> while writing tests for clock adjustment auditing [1] [2], I stumbled
> upon a strange behavior of adjtimex(2) when setting the TAI offset...
>
> Commit 153b5d054ac2 ("ntp: support for TAI") added a
/wiki/RFE-More-detailed-auditing-of-changes-to-system-clock
--
Ondrej Mosnacek
Software Engineer, Security Technologies
Red Hat, Inc.
On Thu, Mar 28, 2019 at 12:27 AM John Stultz wrote:
> On Thu, Mar 7, 2019 at 4:33 AM Ondrej Mosnacek wrote:
> >
> > Emit an audit record whenever the system clock is changed (i.e. shifted
> > by a non-zero offset) by a syscall from userspace. The syscalls than can
> &
On Thu, Mar 28, 2019 at 1:02 AM Thomas Gleixner wrote:
> On Thu, 7 Mar 2019, Ondrej Mosnacek wrote:
>
> > Emit an audit record every time selected NTP parameters are modified
> > from userspace (via adjtimex(2) or clock_adjtime(2)).
> >
> > Such events wil
On Mon, Mar 25, 2019 at 6:06 PM Ondrej Mosnacek wrote:
> On Mon, Mar 25, 2019 at 4:17 PM Paul Moore wrote:
> > Ondrej, please look into this.
> >
> > You've looked at this code more recently than I have, but it looks
> > like there might be an issue with __kernfs_
600 with crng_init=1
> > [ 32.632973] random: get_random_u64 called from
> > arch_pick_mmap_layout+0x446/0x600 with crng_init=1
> > [ 32.637364] random: get_random_u64 called from
> > load_elf_binary+0x1281/0x2f30 with crng_init=1
> > Starting Login Service...
> > Starting LSB: Start and stop bmc-watchdog...
> > Starting LSB: Execute the kexec -e command to reboot system...
> >
> >
> > To reproduce:
> >
> > # build kernel
> > cd linux
> > cp config-5.1.0-rc1-00010-ge19dfdc .config
> > make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 olddefconfig
> > make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 prepare
> > make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 modules_prepare
> > make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 SHELL=/bin/bash
> > make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 bzImage
> >
> >
> > git clone https://github.com/intel/lkp-tests.git
> > cd lkp-tests
> > find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz
> > bin/lkp qemu -k -m modules.cgz job-script # job-script is
> > attached in this email
> >
> >
> >
> >
> > Thanks,
> > Rong Chen
> >
>
>
> --
> paul moore
> www.paul-moore.com
--
Ondrej Mosnacek
Software Engineer, Security Technologies
Red Hat, Inc.
o remove the assignments entirely. I'll
send a patch that does that tomorrow.
> } else {
> rc = context_struct_to_string(policydb, context, scontext,
> --
> 2.7.4
>
Anyway, thank you for catching the mistake! One more reminder for me
to finally install s
another trivial mistake on my part...
Acked-by: Ondrej Mosnacek
Thanks for catching that!
> ---
> security/selinux/hooks.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index ab4b049..b6e6152 1006
ght now this is a no-op, because
both kvcalloc() and ebitmap_init() just zero out the whole struct, but
let's rather not rely on a specific implementation.
Reported-by: syzbot+a57b2aff60832666f...@syzkaller.appspotmail.com
Fixes: acdf52d97f82 ("selinux: convert to kvmalloc")
Sig
On Fri, Mar 8, 2019 at 9:26 PM Richard Guy Briggs wrote:
> On 2019-03-07 13:32, Ondrej Mosnacek wrote:
> > This patchset implements auditing of (syscall-triggered) changes that
> > can modify or indirectly affect the system clock. Some of these
> > changes can already
inform userspace applications
(NOT AUDITED)
time_constant -- controls the speed of the clock adjustments that
are made when time_offset is set (NOT AUDITED)
time_adjust -- can temporarily speed up or slow down
s above are from *after* the syscall was
executed, so they contain the current (new) values as set from the
kernel, except of the 'modes' field, which contains the original value
sent by the caller.)
Signed-off-by: Ondrej Mosnacek
---
include/linux/audit.h | 15 +++
i
edhat.com/archives/linux-audit/2018-June/msg00095.html
[1] https://www.niap-ccevs.org/MMO/PP/pp_ca_v2.1.pdf -- section 5.1,
table 4
Ondrej Mosnacek (2):
timekeeping: Audit clock adjustments
ntp: Audit NTP parameters adjustment
include/linux/audit.h | 29 ++
> has been disabled by kernel_fpu_begin().
>
> Fix these bugs.
>
> Fixes: 56e8e57fc3a7 ("crypto: morus - Add common SIMD glue code for MORUS")
> Cc: # v4.18+
> Cc: Ondrej Mosnacek
> Signed-off-by: Eric Biggers
Reviewed-by: Ondrej Mosnacek
> ---
> arch/x86/
> has been disabled by kernel_fpu_begin().
>
> Fix these bugs.
>
> Fixes: 1d373d4e8e15 ("crypto: x86 - Add optimized AEGIS implementations")
> Cc: # v4.18+
> Cc: Ondrej Mosnacek
> Signed-off-by: Eric Biggers
Reviewed-by: Ondrej Mosnacek
> ---
> arch/x86/
es 'nbytes' not
> aligned to the walksize (a.k.a. walk.stride), then it is the end of the
> data. In fact, this can happen before the end. Fix them.
>
> Fixes: f606a88e5823 ("crypto: aegis - Add generic AEGIS AEAD implementations")
> Cc: # v4.18+
> Cc: Ondrej
es 'nbytes' not
> aligned to the walksize (a.k.a. walk.stride), then it is the end of the
> data. In fact, this can happen before the end. Fix them.
>
> Fixes: 396be41f16fd ("crypto: morus - Add generic MORUS AEAD implementations")
> Cc: # v4.18+
> Cc: Ondrej
This include is not needed (fs/sysfs/file.c builds just fine without
it). Remove it.
Cc: Tejun Heo
Signed-off-by: Ondrej Mosnacek
---
fs/sysfs/file.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/fs/sysfs/file.c b/fs/sysfs/file.c
index 52d9235e0291..130fc6fbcc03 100644
--- a/fs/sysfs
Add generic MORUS AEAD implementations")
> Cc: # v4.18+
> Cc: Ondrej Mosnacek
> Signed-off-by: Eric Biggers
> ---
> crypto/morus1280.c | 13 +++--
> crypto/morus640.c | 13 +++--
> 2 files changed, 14 insertions(+), 12 deletions(-)
>
> diff
On Mon, Dec 3, 2018 at 10:56 PM Al Viro wrote:
> On Mon, Dec 03, 2018 at 11:12:59AM +0100, Ondrej Mosnacek wrote:
>
> > I think I figured out what's the problem. NFS still creates the
> > submount via the old vfs_submount() call, which calls
> > vfs_kern_mount(), whi
On Sun, Dec 2, 2018 at 10:13 AM Ondrej Mosnacek wrote:
> On Sat, Dec 1, 2018 at 10:32 PM Ondrej Mosnacek wrote:
> > On Thu, Nov 29, 2018 at 11:07 AM Ondrej Mosnacek
> > wrote:
> > > On Wed, Nov 28, 2018 at 10:52 PM Paul Moore wrote:
> > > > On Tue, Nov
On Sat, Dec 1, 2018 at 10:32 PM Ondrej Mosnacek wrote:
> On Thu, Nov 29, 2018 at 11:07 AM Ondrej Mosnacek wrote:
> > On Wed, Nov 28, 2018 at 10:52 PM Paul Moore wrote:
> > > On Tue, Nov 27, 2018 at 6:50 AM Stephen Rothwell
> > > wrote:
> > > > Hi Ondrej,
On Thu, Nov 29, 2018 at 11:07 AM Ondrej Mosnacek wrote:
> On Wed, Nov 28, 2018 at 10:52 PM Paul Moore wrote:
> > On Tue, Nov 27, 2018 at 6:50 AM Stephen Rothwell
> > wrote:
> > > Hi Ondrej,
> > >
> > > On Tue, 27 Nov 2018 09:53:32 +0100 Ondrej
On Fri, Nov 30, 2018 at 4:10 PM David Howells wrote:
> Ondrej Mosnacek wrote:
>
> > - if (fc->purpose == FS_CONTEXT_FOR_KERNEL_MOUNT)
> > + if (fc->purpose == (FS_CONTEXT_FOR_KERNEL_MOUNT|FS_CONTEXT_FOR_SUBMOUNT))
>
> It's not a bitmask, so you can't do
On Wed, Nov 28, 2018 at 10:52 PM Paul Moore wrote:
> On Tue, Nov 27, 2018 at 6:50 AM Stephen Rothwell
> wrote:
> > Hi Ondrej,
> >
> > On Tue, 27 Nov 2018 09:53:32 +0100 Ondrej Mosnacek
> > wrote:
> > >
> > > Hm... seems that there was some mas
On Tue, Nov 27, 2018 at 9:53 AM Ondrej Mosnacek wrote:
> On Tue, Nov 27, 2018 at 1:52 AM Stephen Rothwell
> wrote:
> > Hi Paul,
> >
> > Today's linux-next merge of the selinux tree got a conflict in:
> >
> > security/selinux/hooks.c
> >
> >
el/git/viro/vfs.git/tree/security/selinux/hooks.c?h=for-next#n3131
It seems that the logic is still the same, just now our patch (or the
VFS one) needs to be updated to change the above line as such
(untested pseudo-patch):
- if (fc->purpose == FS_CONTEXT_FOR_KERNEL_MOUNT)
+ if (fc->purpose == (
52930fd3b9 ("selinux: Add SCTP support")
Cc: # 4.17+
Cc: Richard Haines
Signed-off-by: Ondrej Mosnacek
---
Hi,
On Mon, Nov 12, 2018 at 8:39 PM Qian Cai wrote:
> Running the trinity fuzzer on the latest mainline (rc2) generates this,
>
> [15029.879626] BUG: KASAN: slab-out-of
On Fri, Sep 14, 2018 at 5:19 AM Paul Moore wrote:
> On Fri, Aug 24, 2018 at 8:00 AM Ondrej Mosnacek wrote:
> > This patch adds two auxiliary record types that will be used to annotate
> > the adjtimex SYSCALL records with the NTP/timekeeping values that have
> > been chan
On Mon, Aug 27, 2018 at 6:38 PM Steve Grubb wrote:
> On Monday, August 27, 2018 5:13:17 AM EDT Ondrej Mosnacek wrote:
> > On Mon, Aug 27, 2018 at 9:50 AM Miroslav Lichvar
> wrote:
> > > On Fri, Aug 24, 2018 at 02:00:00PM +0200, Ondrej Mosnacek wrote:
> > > > Thi
...instead of kstrtol with a dirty cast.
Signed-off-by: Ondrej Mosnacek
---
kernel/time/ntp.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/kernel/time/ntp.c b/kernel/time/ntp.c
index 25031ffb5d25..6c764addef3e 100644
--- a/kernel/time/ntp.c
+++ b/kernel/time/ntp.c
Add 'const' to some function arguments and variables to make it easier
to read the code.
Signed-off-by: Ondrej Mosnacek
---
include/linux/timekeeping.h| 2 +-
kernel/time/ntp.c | 6 +++---
kernel/time/ntp_internal.h | 2 +-
kernel/time/tim
The 'ts' argument of process_adj_status() and process_adjtimex_modes()
is unused and can be safely removed.
Signed-off-by: Ondrej Mosnacek
---
kernel/time/ntp.c | 10 --
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/kernel/time/ntp.c b/kernel/time/n
2018-04-16 16:11 GMT+02:00 Richard Guy Briggs :
> On 2018-04-16 09:26, Ondrej Mosnacek wrote:
>> 2018-04-10 1:34 GMT+02:00 Richard Guy Briggs :
>> > There were two formats of the audit MAC_STATUS record, one of which was
>> > more
>> > standard than the other.
from_kuid(&init_user_ns, audit_get_loginuid(current)),
> - audit_get_sessionid(current));
> + audit_get_sessionid(current), 0, 1);
> }
>
> length = count;
> --
> 1.8.3.1
>
> --
> Linux-audit mailing list
> linux-au...@redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit
--
Ondrej Mosnacek
Associate Software Engineer, Security Technologies
Red Hat, Inc.
2017-03-01 13:42 GMT+01:00 Gilad Ben-Yossef :
> It really is an observation about overhead of context switches between
> dm-crypt and
> whatever/wherever you handle crypto - be it an off CPU hardware engine
> or a bunch
> of parallel kernel threads running on other cores. You really want to
> burst
72 matches
Mail list logo
