Re: [PATCH 11/46] selinux: Return directly after a failed next_entry() in genfs_read()

2017-03-23 Thread Paul Moore
goto out; > + return rc; > nel = le32_to_cpu(buf[0]); > > for (i = 0; i < nel; i++) { > -- > 2.11.0 > -- paul moore www.paul-moore.com
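Review bot: the direct return is equivalent to `goto out` only if nothing that the `out:` label releases is held at this first next_entry() call. The visible context shows the read happens before the `for (i = 0; i < nel; i++)` loop, so that holds today, but it also means any allocation later moved above this point would leak silently; the commit message should say the early return is deliberate and that the `out:` cleanup remains for failures inside the loop body.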

Re: [PATCH 19/46] selinux: Return directly after a failed next_entry() in range_read()

2017-03-23 Thread Paul Moore
goto out; > + return rc; > > nel = le32_to_cpu(buf[0]); > for (i = 0; i < nel; i++) { > -- > 2.11.0 > -- paul moore www.paul-moore.com

Re: linux-next: manual merge of the audit tree with Linus' tree

2017-03-24 Thread Paul Moore
o a much more current point in time (likely a 4.11-rcX tag, which presents its own challenges, but oh well). -- paul moore www.paul-moore.com

Re: selinux: Delete unnecessary variable assignments in policydb_index()

2017-03-27 Thread Paul Moore
n this function? > Would it be acceptable to replace any statements “goto out;” with > “return -ENOMEM;” here instead? Yes. -- paul moore www.paul-moore.com

Re: SELinux: Fine-tuning for several function implementations

2017-03-27 Thread Paul Moore
my mistake, as I said in my response to that patch, I do not plan on merging 07/46. -- paul moore www.paul-moore.com

Re: selinux: Delete an error message for a failed memory allocation in policydb_read()

2017-03-27 Thread Paul Moore
g to SELinux development, but I do want to strongly encourage you to contribute more meaningful patches. -- paul moore www.paul-moore.com

Re: Audit fixes for v4.11 (#1)

2017-03-27 Thread Paul Moore
On Sun, Mar 26, 2017 at 1:23 PM, Linus Torvalds <torva...@linux-foundation.org> wrote: > On Sun, Mar 26, 2017 at 8:18 AM, Paul Moore <pmo...@redhat.com> wrote: >> On Sat, Mar 25, 2017 at 6:23 PM, Linus Torvalds >> <torva...@linux-foundation.org> wrote:

Audit fixes for v4.11 (#1)

2017-03-24 Thread Paul Moore
) Paul Moore (1): audit: fix auditd/kernel connection state tracking kernel/audit.c | 639 ++- kernel/audit.h | 9 +- kernel/auditsc.c | 6 +- 3 files changed, 399 insertions(+), 255 deletions(-) -- paul moore

Re: 0324 tree BUG at kernel/auditsc.c:1513!

2017-03-26 Thread Paul Moore
last big pull request that Linus merged on Saturday, the 25th. We did merge some small changes into audit/next on Wednesday, the 22nd, and Thursday, the 23rd, but nothing that should involve the syscall entry code. Hmmm. -- paul moore www.paul-moore.com

Re: Audit fixes for v4.11 (#1)

2017-03-26 Thread Paul Moore
On Sat, Mar 25, 2017 at 6:23 PM, Linus Torvalds <torva...@linux-foundation.org> wrote: > On Fri, Mar 24, 2017 at 2:39 PM, Paul Moore <pmo...@redhat.com> wrote: >> >> This code has passed our testsuite without problem and it has held up >> to my ad-hoc s

[GIT PULL] Audit fixes for v4.11 (#1)

2017-03-25 Thread Paul Moore
On Fri, Mar 24, 2017 at 5:39 PM, Paul Moore <pmo...@redhat.com> wrote: > Hi Linus, > > We've got an audit fix, and unfortunately it is two things I don't > like: big and based on a -rcX tag. The size of the patch is > (hopefully) explained well in the patch description, the

Re: [PATCH 27/46] selinux: Move an assignment for the variable "rc" in sens_read()

2017-03-29 Thread Paul Moore
el) > + if (!levdatum->level) { > + rc = -ENOMEM; > goto bad; > + } > > rc = mls_read_level(levdatum->level, fp); > if (rc) > -- > 2.11.0 > -- paul moore www.paul-moore.com

Re: [PATCH 25/46] selinux: Return directly after a failed kzalloc() in sens_read()

2017-03-29 Thread Paul Moore
> - rc = -ENOMEM; > levdatum = kzalloc(sizeof(*levdatum), GFP_ATOMIC); > if (!levdatum) > - goto bad; > + return -ENOMEM; > > rc = next_entry(buf, fp, sizeof buf); > if (rc) > -- > 2.11.0 > -- paul moore www.paul-moore.com
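Review bot: returning -ENOMEM directly is correct here only because this is the first allocation in sens_read() and nothing needs releasing yet; the `bad:` label must still free levdatum for the failures that follow (the next_entry() call visible below and the later level allocation), so the "return directly" pattern of this series must not be propagated to those branches.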

Re: [PATCH 28/46] selinux: Return directly after a failed kzalloc() in user_read()

2017-03-29 Thread Paul Moore
> - rc = -ENOMEM; > usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL); > if (!usrdatum) > - goto bad; > + return -ENOMEM; > > if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) > to_read = 3; > -- > 2.11.0 > -- paul moore www.paul-moore.com

Re: [PATCH 24/46] selinux: Return directly after a failed kzalloc() in cat_read()

2017-03-29 Thread Paul Moore
> - rc = -ENOMEM; > catdatum = kzalloc(sizeof(*catdatum), GFP_ATOMIC); > if (!catdatum) > - goto bad; > + return -ENOMEM; > > rc = next_entry(buf, fp, sizeof buf); > if (rc) > -- > 2.11.0 > -- paul moore www.paul-moore.com
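Review bot: unrelated to the early return, cat_read() and sens_read() allocate with GFP_ATOMIC while user_read(), role_read() and type_read() in the same series use GFP_KERNEL. Policy loading runs in process context, so the atomic allocations look like a leftover; that is worth its own patch rather than being folded into a return-style change.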

Re: [PATCH 26/46] selinux: Improve another size determination in sens_read()

2017-03-29 Thread Paul Moore
7 @@ static int sens_read(struct policydb *p, struct hashtab > *h, void *fp) > goto bad; > > rc = -ENOMEM; > - levdatum->level = kmalloc(sizeof(struct mls_level), GFP_ATOMIC); > + levdatum->level = kmalloc(sizeof(*levdatum->level), GFP_ATOMIC);

Re: [PATCH] selinux: Remove unnecessary check of array base in selinux_set_mapping()

2017-03-23 Thread Paul Moore
155,7 +155,7 @@ static int selinux_set_mapping(struct policydb *pol, >> } >> >> k = 0; >> - while (p_in->perms && p_in->perms[k]) { >> + while (p_in->perms[k]) { >> /* An empty permission string skips ahead */ >> if (!*p_in->perms[k]) { >> k++; >> -- >> 2.12.0.367.g23dc2f6d3c-goog >> > -- paul moore www.paul-moore.com
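Review bot: dropping `p_in->perms &&` is only correct if `perms` is an array member of the mapping struct (whose address can never be NULL) rather than a pointer; the commit message should state that, and if the trigger was a compiler warning about an address that is never NULL, name it, since that is the evidence a reviewer needs to accept the removal.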

Re: [PATCH 30/46] selinux: Return directly after a failed kzalloc() in role_read()

2017-03-29 Thread Paul Moore
rc = -ENOMEM; > role = kzalloc(sizeof(*role), GFP_KERNEL); > if (!role) > - goto bad; > + return -ENOMEM; > > if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) > to_read = 3; > -- > 2.11.0 > -- paul moore www.paul-moore.com

Re: [PATCH 38/46] selinux: One function call less in five functions after null pointer detection

2017-03-29 Thread Paul Moore
ebitmap_destroy(>dfltlevel.cat); > + kfree(datum); > } > - kfree(datum); > return 0; > } > > @@ -726,8 +726,8 @@ static int sens_destroy(void *key, void *datum, void *p) > levdatum = datum; > ebitmap_destroy(>level->cat); > kfree(levdatum->level); > + kfree(datum); > } > - kfree(datum); > return 0; > } > > -- > 2.11.0 > -- paul moore www.paul-moore.com
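Review bot: moving `kfree(datum)` under the surrounding NULL test is behaviour-neutral only because kfree(NULL) is a no-op, so the "one call less" is saved solely on the NULL path. Say so in the commit message; without it the hunk reads as if a leak or double free were being fixed.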

Re: [PATCH 29/46] selinux: Return directly after a failed kzalloc() in type_read()

2017-03-29 Thread Paul Moore
> - rc = -ENOMEM; > typdatum = kzalloc(sizeof(*typdatum), GFP_KERNEL); > if (!typdatum) > - goto bad; > + return -ENOMEM; > > if (p->policyvers >= POLICYDB_VERSION_BOUNDARY) > to_read = 4; > -- > 2.11.0 > -- paul moore www.paul-moore.com

Re: [PATCH 43/46] selinux: Use kmalloc_array() in sidtab_init()

2017-03-29 Thread Paul Moore
8,7 +18,7 @@ int sidtab_init(struct sidtab *s) > { > int i; > > - s->htable = kmalloc(sizeof(*(s->htable)) * SIDTAB_SIZE, GFP_ATOMIC); > + s->htable = kmalloc_array(SIDTAB_SIZE, sizeof(*s->htable), > GFP_ATOMIC); > if (!s->htable)
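Review bot: kmalloc_array() guards the size multiplication against overflow, but SIDTAB_SIZE is a compile-time constant, so nothing changes at runtime; present this as a checkpatch/consistency cleanup rather than a hardening change. The GFP_ATOMIC on the same line is a separate question and should not be touched in this patch.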

Re: [PATCH 34/46] selinux: Return directly after a failed kzalloc() in common_read()

2017-03-29 Thread Paul Moore
> - rc = -ENOMEM; > comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL); > if (!comdatum) > - goto bad; > + return -ENOMEM; > > rc = next_entry(buf, fp, sizeof buf); > if (rc) > -- > 2.11.0 > -- paul moore www.paul-moore.com

Re: [PATCH 36/46] selinux: Move an assignment for the variable "rc" in mls_read_range_helper()

2017-03-29 Thread Paul Moore
rflow\n"); > + rc = -EINVAL; > goto out; > } > > -- > 2.11.0 > -- paul moore www.paul-moore.com

Re: [PATCH 35/46] selinux: Return directly after a failed kzalloc() in perm_read()

2017-03-29 Thread Paul Moore
> - rc = -ENOMEM; > perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL); > if (!perdatum) > - goto bad; > + return -ENOMEM; > > rc = next_entry(buf, fp, sizeof buf); > if (rc) > -- > 2.11.0 > -- paul moore www.paul-moore.com

Re: [PATCH 41/46] selinux: Move two assignments for the variable "rc" in roles_init()

2017-03-29 Thread Paul Moore
{ > + rc = -EINVAL; > goto out; > + } > > - rc = -ENOMEM; > key = kstrdup(OBJECT_R, GFP_KERNEL); > - if (!key) > + if (!key) { > + rc = -ENOMEM; > goto out; > + } > > rc = hashtab_insert(p->p_roles.table, key, role); > if (rc) > -- > 2.11.0 > -- paul moore www.paul-moore.com
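Review bot: pushing each `rc = ...` into the branch that needs it is the safer pattern, but it only works if every error branch between here and the next `rc = hashtab_insert(...)` sets rc. Any branch left with a bare `goto out` now returns whatever rc held before (typically 0 from the preceding successful call), which turns a policy-load failure into silent success; the whole function should be audited for bare gotos in the same patch and the commit message should say that was done.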

Re: [PATCH 42/46] selinux: One function call less in roles_init() after error detection

2017-03-29 Thread Paul Moore
out; > + goto free_role; > } > > rc = hashtab_insert(p->p_roles.table, key, role); > @@ -201,6 +201,7 @@ static int roles_init(struct policydb *p) > return 0; > out: > kfree(key); > +free_role: > kfree(role); > return rc; > } > -- > 2.11.0 > -- paul moore www.paul-moore.com
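Review bot: after this change `out:` frees both key and role while `free_role:` frees only role, and the fall-through order key-then-role is what makes that correct. Since the labels are now named by what they release, rename `out` to `free_key` (or similar) so that a future `goto out` added above the kstrdup() is visibly wrong instead of silently freeing an uninitialised key.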

Re: [PATCH 44/46] selinux: Adjust two checks for null pointers

2017-03-29 Thread Paul Moore
;sid || cur->context.len) { > /* Remap invalid SIDs to the unlabeled SID. */ > sid = SECINITSID_UNLABELED; > hvalue = SIDTAB_HASH(sid); > -- > 2.11.0 > -- paul moore www.paul-moore.com

Re: [PATCH 32/46] selinux: Return directly after a failed kzalloc() in class_read()

2017-03-29 Thread Paul Moore
> - rc = -ENOMEM; > cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL); > if (!cladatum) > - goto bad; > + return -ENOMEM; > > rc = next_entry(buf, fp, sizeof(u32)*6); > if (rc) > -- > 2.11.0 > -- paul moore www.paul-moore.com

Re: [PATCH 37/46] selinux: Move an assignment for the variable "rc" in policydb_load_isids()

2017-03-29 Thread Paul Moore
KERN_ERR "SELinux: SID %s was never > defined.\n", > c->u.name); > + rc = -EINVAL; > goto out; > } > > -- > 2.11.0 > -- paul moore www.paul-moore.com

Re: [PATCH 40/46] selinux: Return directly after a failed kzalloc() in roles_init()

2017-03-29 Thread Paul Moore
le = kzalloc(sizeof(*role), GFP_KERNEL); > if (!role) > - goto out; > + return -ENOMEM; > > rc = -EINVAL; > role->value = ++p->p_roles.nprim; > -- > 2.11.0 > -- paul moore www.paul-moore.com

Re: [PATCH 39/46] selinux: Move two assignments for the variable "rc" in ocontext_read()

2017-03-29 Thread Paul Moore
rc = -EINVAL; > goto out; > + } > > len = le32_to_cpu(buf[1]); > rc = str_read(>u.name, GFP_KERNEL, fp, > len); > -- > 2.11.0 > -- paul moore www.paul-moore.com

Re: [PATCH 46/46] selinuxfs: Use seq_puts() in sel_avc_stats_seq_show()

2017-03-29 Thread Paul Moore
else { > + if (v == SEQ_START_TOKEN) { > + seq_puts(seq, > +"lookups hits misses allocations reclaims frees\n"); > + } else { > unsigned int lookups = st->lookups; > unsigned int misses = st->misses; > unsigned int hits = lookups - misses; > -- > 2.11.0 > -- paul moore www.paul-moore.com

Re: [PATCH 33/46] selinux: Move an assignment for the variable "rc" in class_read()

2017-03-29 Thread Paul Moore
if (!cladatum->comdatum) { > printk(KERN_ERR "SELinux: unknown common %s\n", > cladatum->comkey); > + rc = -EINVAL; > goto bad; > } > } > -- > 2.11.0 > -- paul moore www.paul-moore.com
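Review bot: same hazard as the other rc moves in this series, with a concrete consequence here: `rc = -EINVAL` now lives inside the "unknown common" branch, so any other bare `goto bad` left in class_read() returns the 0 from the preceding successful read, and a policy referencing a common that does not exist would load as if it were valid. Fine as long as every goto in the function has been checked; the commit message should say so.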

Re: [PATCH] fs: switch order of CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH checks

2017-03-29 Thread Paul Moore
On Fri, Mar 10, 2017 at 2:54 PM, Paul Moore <p...@paul-moore.com> wrote: > On Fri, Mar 10, 2017 at 12:14 PM, Stephen Smalley <s...@tycho.nsa.gov> wrote: >> generic_permission() presently checks CAP_DAC_OVERRIDE prior to >> CAP_DAC_READ_SEARCH. This can cause mis

Re: [PATCH] selinux: Remove unnecessary check of array base in selinux_set_mapping()

2017-03-29 Thread Paul Moore
On Thu, Mar 23, 2017 at 1:34 PM, Grant Grundler <grund...@chromium.org> wrote: > On Thu, Mar 23, 2017 at 5:08 AM, Paul Moore <p...@paul-moore.com> wrote: >> On Wed, Mar 22, 2017 at 8:28 PM, Grant Grundler <grund...@chromium.org> >> wrote: >>> Ping? An

Re: selinux: Delete an error message for a failed memory allocation in policydb_read()

2017-03-25 Thread Paul Moore
reminder there that the function “kmalloc” provides > its own > error reporting already because the flag “__GFP_NOWARN” was not passed here? That is what I said by "better reasoning in the patch description", however, now that I'm looking at this again, I don't think I'm going to merge this. Yes, maybe in some cases it is a bit wasteful, but I like the error message. -- paul moore www.paul-moore.com

Re: selinux: Move some assignments for the variable "rc" in policydb_read()

2017-03-25 Thread Paul Moore
meaningful improvements such as bug fixing and/or new features; changing only the code style isn't very interesting or appealing, even if I happen to agree with your changes. -- paul moore www.paul-moore.com

Re: [PATCH v2] audit: log module name on delete_module

2017-03-15 Thread Paul Moore
On Mon, Mar 13, 2017 at 12:31 PM, Jessica Yu <j...@redhat.com> wrote: > +++ Paul Moore [13/03/17 10:16 -0400]: >> >> On Sat, Mar 11, 2017 at 9:24 PM, Richard Guy Briggs <r...@redhat.com> >> wrote: >>> >>> When a sysadmin wis

Re: [PATCH ALT4 V2 1/2] audit: show fstype:pathname for entries with anonymous parents

2017-04-04 Thread Paul Moore
const unsigned char type) > { > struct audit_context *context = current->audit_context; > @@ -1914,6 +1917,7 @@ void __audit_inode_child(struct inode *parent, > if (!n) > return; > audit_copy_inode(n, NULL, parent); > + n->dentry = dget_parent(dentry); > } > > if (!found_child) { > @@ -1935,6 +1939,8 @@ void __audit_inode_child(struct inode *parent, > audit_copy_inode(found_child, dentry, inode); > else > found_child->ino = AUDIT_INO_UNSET; > + if (!found_parent) > + found_child->dentry = dget(dentry); > } > EXPORT_SYMBOL_GPL(__audit_inode_child); > > -- > 1.7.1 > > -- > Linux-audit mailing list > linux-au...@redhat.com > https://www.redhat.com/mailman/listinfo/linux-audit -- paul moore www.paul-moore.com
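Review bot: the two new dentry references (`n->dentry = dget_parent(dentry)` and `found_child->dentry = dget(dentry)`) need matching dput() calls wherever audit_names entries are torn down, which this hunk does not show; please confirm the release path is part of the same patch, since an unbalanced reference keeps the dentry and its inode alive for as long as the audit context exists.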

Re: audit regressions in 4.11

2017-04-09 Thread Paul Moore
td is connected we add the record to the retry queue (what we currently do). -- paul moore www.paul-moore.com

Re: audit regressions in 4.11

2017-04-09 Thread Paul Moore
On Sun, Apr 9, 2017 at 10:40 AM, Seth Forshee <seth.fors...@canonical.com> wrote: > On Sun, Apr 09, 2017 at 09:14:03AM -0400, Paul Moore wrote: >> On Sat, Apr 8, 2017 at 11:02 PM, Seth Forshee >> <seth.fors...@canonical.com> wrote: >> > I've observed audit r

[GIT PULL] Audit fixes for v4.11 (#3)

2017-04-11 Thread Paul Moore
) Paul Moore (1): audit: make sure we don't let the retry queue grow without bounds kernel/audit.c | 67 ++ 1 file changed, 32 insertions(+), 35 deletions(-) -- paul moore security @ redhat

Re: [PATCH 15/19] kernel: convert audit_tree.count from atomic_t to refcount_t

2017-04-11 Thread Paul Moore
On Tue, Feb 28, 2017 at 5:11 PM, Paul Moore <p...@paul-moore.com> wrote: > On Tue, Feb 21, 2017 at 2:15 AM, Reshetova, Elena > <elena.reshet...@intel.com> wrote: >>> On Mon, Feb 20, 2017 at 5:19 AM, Elena Reshetova >>> <elena.reshet...@intel.com> wrote: &

Re: [PATCH 06/12] audit: Use timespec64 to represent audit timestamps

2017-04-11 Thread Paul Moore
uce the potential merge conflict. However, >> that's a relatively small thing to worry about. -- paul moore www.paul-moore.com

Re: [PATCH] selinux: add selinux_is_enforced() function

2017-04-12 Thread Paul Moore
cattr; > > extern int selinux_enabled; > +extern int selinux_enforcing; > > /* Policy capabilities */ > enum { > -- > 1.8.3.1 > > -- > To unsubscribe from this list: send the line "unsubscribe > linux-security-module" in > the body of a message to majord...@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html -- paul moore security @ redhat
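Review bot: the new `extern int selinux_enforcing;` is unconditional, but the variable only exists when CONFIG_SECURITY_SELINUX_DEVELOP is set; otherwise security/selinux/include/security.h defines `selinux_enforcing` as the constant 1 and the declaration does not compile. Either guard the declaration the same way, or keep the variable private and have external callers use only the new selinux_is_enforced() accessor, which is the point of adding it.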

Re: [PATCH] selinux: add selinux_status_get_seq() function

2017-04-12 Thread Paul Moore
us_get_seq); > -- > 1.8.3.1 > > -- > To unsubscribe from this list: send the line "unsubscribe > linux-security-module" in > the body of a message to majord...@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html -- paul moore security @ redhat

Re: [PATCH] audit: log module name on delete_module

2017-03-09 Thread Paul Moore
odule, const char __user *, >> name_user, >> return -EFAULT; >> name[MODULE_NAME_LEN-1] = '\0'; >> >> + audit_log_kern_module(name); >> + >> if (mutex_lock_interruptible(_mutex) != 0) >> return -EINTR; >> >> -- >> 1.7.1 >> > > -- > Linux-audit mailing list > linux-au...@redhat.com > https://www.redhat.com/mailman/listinfo/linux-audit -- paul moore www.paul-moore.com

Re: Hundreds of null PATH records for *init_module syscall audit logs

2017-03-03 Thread Paul Moore
as I caught the > filesystem type, it is effective for only the PATH record, which is all > that is a problem at the moment. > > It touches nine arch-related files, which is a lot more disruptive than > I was hoping. Blocking PATH record on creation based on syscall *really* seems like a bad/dangerous idea. If we want to block all these tracefs/debugfs records, let's just block the fs. Although as of right now I'm not a fan of blocking anything. -- paul moore www.paul-moore.com

Re: Hundreds of null PATH records for *init_module syscall audit logs

2017-03-03 Thread Paul Moore
eleased with dput) This seems most in keeping with the spirit of audit. >> Is there another more elegant solution that I've missed that catches >> things before they get anywhere near audit_inode_child (called from >> tracefs' notifiers)? >> >> I'll thread onto this message tested patches for all four solutions. >> >> - RGB >> >> -- >> Richard Guy Briggs <r...@redhat.com> >> Kernel Security Engineering, Base Operating Systems, Red Hat >> Remote, Ottawa, Canada >> Voice: +1.647.777.2635, Internal: (81) 32635 -- paul moore www.paul-moore.com

Re: [PATCH v2] audit: log module name on delete_module

2017-03-13 Thread Paul Moore
e_user, > return -EFAULT; > name[MODULE_NAME_LEN-1] = '\0'; > > + audit_log_kern_module(name); > + > if (mutex_lock_interruptible(_mutex) != 0) > return -EINTR; > > -- > 1.7.1 > > -- > Linux-audit mailing list > linux-au...@redhat.com > https://www.redhat.com/mailman/listinfo/linux-audit -- paul moore www.paul-moore.com
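Review bot: audit_log_kern_module(name) runs before mutex_lock_interruptible(), so a delete that is interrupted or later fails (module not found, in use) still produces a record of the attempt. That is the behaviour an auditor wants, but the commit message should say it is intentional and that the logged value is the NUL-terminated user-supplied string, not the name of a resolved module.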

Re: [PATCH 2/3] audit: audit_fsnotify: remove unnecessary semicolon

2017-03-10 Thread Paul Moore
, > default: > BUG(); > return 0; > - }; > + } > > if (mask & (FS_CREATE|FS_MOVED_TO|FS_DELETE|FS_MOVED_FROM)) { > if (audit_compare_dname_path(dname, audit_mark->path, > AUDIT_NAME_FULL)) > -- > 2.1.4 > -- paul moore www.paul-moore.com

Re: [PATCH 3/3] audit: audit_watch: remove unnecessary semicolon

2017-03-10 Thread Paul Moore
BUG(); > inode = NULL; > break; > - }; > + } > > if (mask & (FS_CREATE|FS_MOVED_TO) && inode) > audit_update_watch(parent, dname, inode->i_sb->s_dev, > inode->i_ino, 0); > -- > 2.1.4 > -- paul moore www.paul-moore.com

Re: [PATCH 1/3] audit: auditfilter: remove unnecessary semicolon

2017-03-10 Thread Paul Moore
tatic int audit_field_valid(struct audit_entry *entry, > struct audit_field *f) > if (entry->rule.listnr != AUDIT_FILTER_EXIT) > return -EINVAL; > break; > - }; > + } > return 0; > } > > -- > 2.1.4 > -- paul moore www.paul-moore.com

Re: [PATCH] security: selinux: allow per-file labeling for cgroupfs

2017-03-10 Thread Paul Moore
__ > Selinux mailing list > seli...@tycho.nsa.gov > To unsubscribe, send email to selinux-le...@tycho.nsa.gov. > To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov. -- paul moore www.paul-moore.com

Re: [PATCH] security: selinux: allow per-file labeling for cgroupfs

2017-03-10 Thread Paul Moore
On Fri, Mar 10, 2017 at 3:17 PM, Stephen Smalley <s...@tycho.nsa.gov> wrote: > On Fri, 2017-03-10 at 15:01 -0500, Paul Moore wrote: >> On Thu, Feb 9, 2017 at 10:58 AM, Antonio Murdaca <amurd...@redhat.com >> > wrote: >> > >> > This patch a

Re: [PATCH v2] selinux: check for address length in selinux_socket_bind()

2017-03-10 Thread Paul Moore
On Fri, Mar 10, 2017 at 7:01 AM, Paul Moore <p...@paul-moore.com> wrote: > On Thu, Mar 9, 2017 at 2:12 AM, David Miller <da...@davemloft.net> wrote: >> From: Alexander Potapenko <gli...@google.com> >> Date: Mon, 6 Mar 2017 19:46:14 +0100 >> >>> KMS

Re: [PATCH 1/1] selinux: include sys/socket.h in host programs to have PF_MAX

2017-03-10 Thread Paul Moore
s/selinux/mdp/mdp.c b/scripts/selinux/mdp/mdp.c > index c29fa4a6228d..ffe8179f5d41 100644 > --- a/scripts/selinux/mdp/mdp.c > +++ b/scripts/selinux/mdp/mdp.c > @@ -32,6 +32,7 @@ > #include > #include > #include > +#include > > static void usage(char *name) > { > -- > 2.11.1 > -- paul moore www.paul-moore.com
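Review bot: the header name on the new `#include` line was lost in this rendering (the subject says sys/socket.h). The caveat worth recording in the commit message is that mdp is a host program, so PF_MAX now comes from the build host's libc headers rather than from the kernel tree being built, and the two can disagree on a host with a newer libc.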

Re: [PATCH] fs: switch order of CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH checks

2017-03-10 Thread Paul Moore
+* Executable DACs are overridable when there is > +* at least one exec bit set. > +*/ > + if (!(mask & MAY_EXEC) || (inode->i_mode & S_IXUGO)) > + if (capable_wrt_inode_uidgid(inode, CAP_DAC_OVERRIDE)) > + return 0; > > return -EACCES; > } > -- > 2.7.4 > -- paul moore www.paul-moore.com
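Review bot: with CAP_DAC_OVERRIDE now tested last, a process holding both capabilities satisfies read/search access through the earlier CAP_DAC_READ_SEARCH check and CAP_DAC_OVERRIDE is never consulted or audited for it; that is the intent of the reordering (charge the narrower capability), but the exec condition `!(mask & MAY_EXEC) || (inode->i_mode & S_IXUGO)` must evaluate exactly as before. The commit message should spell out that no mask combination changes its access outcome, only which capability is charged.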

Re: [PATCH v2] selinux: check for address length in selinux_socket_bind()

2017-03-10 Thread Paul Moore
), which uses them to calculate a hash. >> >> Signed-off-by: Alexander Potapenko <gli...@google.com> > > Are the SELINUX folks going to pick this up or should I? Yes, it's on my list of things to merge, I was just a bit distracted this week with yet another audit problem. I'm going to start making my way through the patch backlog today. -- paul moore www.paul-moore.com

Re: netlink: GPF in netlink_unicast

2017-03-08 Thread Paul Moore
On Wed, Mar 8, 2017 at 8:25 AM, Richard Guy Briggs <r...@redhat.com> wrote: > On 2017-03-07 14:23, Paul Moore wrote: >> On Tue, Mar 7, 2017 at 1:44 PM, Paul Moore <p...@paul-moore.com> wrote: >> > On Tue, Mar 7, 2017 at 10:55 AM, Richard Guy Briggs <r...@redhat.c

Re: netlink: GPF in netlink_unicast

2017-03-07 Thread Paul Moore
after the > "quick_loop:" label. The condition on auditd is supposed to catch that > case. We don't want it locked while playing with the scheduler at the > bottom of that function. Let me look into this and play around with a few things. I suspected there might be a problem here, so I've got thoughts on how we might resolve it; I just need to see code them up and see what option sucks the least. FWIW Richard, yes wrapping most of kauditd_thread *should* resolve this but it's pretty heavy handed and not my first choice. -- paul moore www.paul-moore.com

Re: netlink: GPF in netlink_unicast

2017-03-07 Thread Paul Moore
On Tue, Mar 7, 2017 at 10:55 AM, Richard Guy Briggs <r...@redhat.com> wrote: > On 2017-03-07 09:29, Paul Moore wrote: >> On Mon, Mar 6, 2017 at 11:03 PM, Richard Guy Briggs <r...@redhat.com> wrote: >> > On 2017-03-06 10:10, Cong Wang wrote: >> >> On Mon, M

Re: netlink: GPF in netlink_unicast

2017-03-07 Thread Paul Moore
On Tue, Mar 7, 2017 at 1:44 PM, Paul Moore <p...@paul-moore.com> wrote: > On Tue, Mar 7, 2017 at 10:55 AM, Richard Guy Briggs <r...@redhat.com> wrote: >> On 2017-03-07 09:29, Paul Moore wrote: >>> On Mon, Mar 6, 2017 at 11:03 PM, Richard Guy Briggs <r...@redhat.c

Re: [PATCH 06/12] audit: Use timespec64 to represent audit timestamps

2017-04-08 Thread Paul Moore
afe struct timespec64 to represent the times. > The log strings can handle this transition as strings can > hold upto 1024 characters. > > Signed-off-by: Deepa Dinamani <deepa.ker...@gmail.com> > Reviewed-by: Arnd Bergmann <a...@arndb.de> > Acked-by: Paul Moore <

[GIT PULL] Audit fixes for v4.11 (#2)

2017-04-07 Thread Paul Moore
Moore (1): audit: move audit_signal_info() into kernel/auditsc.c kernel/audit.h | 8 +--- kernel/auditsc.c | 25 + 2 files changed, 14 insertions(+), 19 deletions(-) -- paul moore security @ redhat

Re: [PATCH] Cipso: cipso_v4_optptr enter infinite loop

2017-07-28 Thread Paul Moore
case IPOPT_NOOP: taglen = 1; break; default: taglen = optptr[1]; } optlen -= taglen; optptr += taglen; } -- paul moore security @ redhat

Re: [PATCH] Cipso: cipso_v4_optptr enter infinite loop

2017-07-31 Thread Paul Moore
20 and the first byte of ip > option is 0, produce this issue > > Signed-off-by: yujuan.qi <yujuan...@mediatek.com> > --- > net/ipv4/cipso_ipv4.c | 12 ++-- > 1 file changed, 10 insertions(+), 2 deletions(-) Considering I gave you the code below I should probably ack it
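The option walk sketched in the two cipso_v4_optptr() replies above, as an added example that is not code from the thread or from net/ipv4/cipso_ipv4.c: a stand-alone C version of a bounds-checked IPv4 option walk, next to the pre-fix walk that spins when a length byte is zero, both run over constructed option byte strings. The option type values are the ones Linux defines in include/uapi/linux/ip.h; the function names, the CIPSO_STUCK sentinel and its step guard, and the sample byte strings are assumptions made for the example.

```c
/* Added example, not kernel code.  Option type values as in
 * include/uapi/linux/ip.h; everything else is assumed for the example. */
#define IPOPT_END   0    /* end of option list, carries no length byte   */
#define IPOPT_NOOP  1    /* single-byte padding, carries no length byte  */
#define IPOPT_CIPSO 134  /* (6 | IPOPT_COPY)                             */

#define CIPSO_NOT_FOUND (-1)
#define CIPSO_STUCK     (-2)   /* example-only sentinel, see cipso_find_naive() */

/*
 * Hardened walk: returns the byte offset of the CIPSO option inside the
 * option area, or CIPSO_NOT_FOUND when the list ends, holds no CIPSO
 * option, or is malformed.  END and NOOP have no length byte; every other
 * option must carry a length of at least 2 that fits in the remaining
 * bytes.  Anything else is rejected instead of being used as a stride, so
 * the offset grows by at least one byte per iteration and the loop ends.
 */
int cipso_find(const unsigned char *opts, int optlen)
{
    int off = 0;

    while (off < optlen) {
        unsigned char type = opts[off];
        int taglen;

        if (type == IPOPT_END)
            return CIPSO_NOT_FOUND;
        if (type == IPOPT_NOOP) {
            taglen = 1;
        } else {
            if (optlen - off < 2)           /* no room for a length byte */
                return CIPSO_NOT_FOUND;
            taglen = opts[off + 1];
            if (taglen < 2 || taglen > optlen - off)
                return CIPSO_NOT_FOUND;     /* zero, short or overlong length */
            if (type == IPOPT_CIPSO)
                return off;
        }
        off += taglen;
    }
    return CIPSO_NOT_FOUND;
}

/*
 * The walk before the fix, for contrast: every option is treated as
 * "type, length, ..." and the length byte is used as the stride unchecked.
 * A zero length byte (an IPOPT_END byte followed by zero padding is the
 * case the bug report describes) leaves off unchanged forever, and a NOOP
 * is misread as having a length byte.  The max_steps guard exists only so
 * this example can return CIPSO_STUCK instead of hanging; the kernel loop
 * had no such guard.
 */
int cipso_find_naive(const unsigned char *opts, int optlen, int max_steps)
{
    int off = 0, steps = 0;

    while (off < optlen) {
        if (opts[off] == IPOPT_CIPSO)
            return off;
        if (++steps > max_steps)
            return CIPSO_STUCK;
        off += opts[off + 1];   /* unchecked stride; 0 means no progress */
    }
    return CIPSO_NOT_FOUND;
}

/* Constructed option areas for the example (not captured traffic). */
/* CIPSO first: type 134, length 6, DOI 1, then two NOOP pads. */
static const unsigned char SAMPLE_CIPSO_FIRST[8] = { IPOPT_CIPSO, 6, 0, 0, 0, 1, IPOPT_NOOP, IPOPT_NOOP };
/* NOOP pad, then the same CIPSO option, then one NOOP pad. */
static const unsigned char SAMPLE_CIPSO[8]       = { IPOPT_NOOP, IPOPT_CIPSO, 6, 0, 0, 0, 1, IPOPT_NOOP };
/* First option byte is 0 (IPOPT_END) followed by zero padding: the reported case. */
static const unsigned char SAMPLE_END_ZERO[4]    = { IPOPT_END, 0, 0, 0 };
/* A record-route option (type 7) whose length byte is 0. */
static const unsigned char SAMPLE_ZERO_LEN[4]    = { 7, 0, 0, 0 };
/* A record-route option claiming more bytes than remain. */
static const unsigned char SAMPLE_OVERLONG[4]    = { 7, 200, 0, 0 };
```

The hardened walk goes one step beyond the fragment in the reply: besides special-casing IPOPT_END and IPOPT_NOOP it refuses any length byte below 2 or larger than the remaining area, and that check is what actually guarantees forward progress, since handling END and NOOP alone still loops on a type 7 option whose length byte is 0. The naive walk also shows a second, quieter defect of the old loop: a leading NOOP makes it skip past a valid CIPSO option entirely.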

Re: suspicious __GFP_NOMEMALLOC in selinux

2017-08-02 Thread Paul Moore
nd the avc_alloc_node() function. I can't say that I'm an expert at the vm subsystem and the variety of different GFP_* flags, but your suggestion of moving to GFP_NOWAIT in security/selinux/avc.c seems reasonable and in keeping with the idea behind commit 6290c2c43973. -- paul moore security @ redhat

Re: suspicious __GFP_NOMEMALLOC in selinux

2017-08-03 Thread Paul Moore
> [CC Mel] >> > > > >> > > > On Wed 02-08-17 17:45:56, Paul Moore wrote: >> > > >> On Wed, Aug 2, 2017 at 6:50 AM, Michal Hocko <mho...@kernel.org> >> > > >> wrote: >> > > >>> Hi,

Re: [PATCH v4 0/4] seccomp: Implement SECCOMP_RET_KILL_PROCESS action

2017-08-14 Thread Paul Moore
m not seeing anything that would cause any backwards compatibility issues for libseccomp. You could try running the libseccomp tests against a patched kernel to make sure; the README has all the info you need (pay special attention to the "live" tests, although those are pretty meager at the moment). -- paul moore www.paul-moore.com

Re: [PATCH 0/4] SELinux: Fine-tuning for some function implementations

2017-08-14 Thread Paul Moore
lp contribute in a meaningful way (link below). My earlier comments still apply; if you want to continue to contribute to SELinux in the kernel, please focus your attention on more meaningful changes. I am not going to merge any of these patches. * https://github.com/SELinuxProject/selinux-kernel/issues -- paul moore www.paul-moore.com

Re: suspicious __GFP_NOMEMALLOC in selinux

2017-08-10 Thread Paul Moore
On Thu, Aug 10, 2017 at 3:02 AM, Michal Hocko <mho...@kernel.org> wrote: > On Tue 08-08-17 09:34:15, Paul Moore wrote: >> On Mon, Aug 7, 2017 at 2:58 AM, Michal Hocko <mho...@kernel.org> wrote: >> > On Fri 04-08-17 13:12:04, Paul Moore wrote: >> >> On Fri,

Re: [PATCH 2/9] Implement containers as kernel objects

2017-08-16 Thread Paul Moore
which was interesting, but doesn't directly affect my > work. The primary patch of interest to the audit kernel folks (Paul Moore and > me) is this patch while the rest of the patchset is interesting, but not > likely > to directly affect us. This patch has most of what we need to solve ou

Re: [PATCH] selinux: Assign proper class to PF_UNIX/SOCK_RAW sockets

2017-07-10 Thread Paul Moore
On Wed, Jun 21, 2017 at 3:04 PM, Paul Moore <p...@paul-moore.com> wrote: > On Wed, Jun 21, 2017 at 5:48 AM, Luis Ressel <ara...@aixah.de> wrote: >> On Tue, 20 Jun 2017 17:43:38 -0400 >> Paul Moore <p...@paul-moore.com> wrote: >> >>> Considering

Re: [PATCH] audit: Reduce overhead using a coarse clock

2017-07-06 Thread Paul Moore
ot send this up to Linus during the current window; while the patch is small, I like to give things some time in linux-next before sending them up. -- paul moore www.paul-moore.com

Re: [PATCH] audit: fix memleak in auditd_send_unicast_skb.

2017-07-18 Thread Paul Moore
auditd_conn); > if (!ac) { > rcu_read_unlock(); > + kfree_skb(skb); > rc = -ECONNREFUSED; > goto err; > } > -- > 2.5.0 -- paul moore www.paul-moore.com
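Review bot: freeing the skb on the no-connection path is the right narrow fix, but the function's ownership contract (who frees the skb after a non-zero return) is still undocumented; add a comment at the top of auditd_send_unicast_skb() stating that the skb is consumed on every path, so callers do not free it a second time.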

Re: [PATCH] Free skb at error context in auditd_send_unicast_skb().

2017-07-18 Thread Paul Moore
c b/kernel/audit.c > index 833267bbd80b..789f4cc1f481 100644 > --- a/kernel/audit.c > +++ b/kernel/audit.c > @@ -659,6 +659,7 @@ static int auditd_send_unicast_skb(struct sk_buff *skb) > err: > if (ac && rc == -ECONNREFUSED) > auditd_reset(ac); > + kfree_skb(skb); > return rc; > } > > -- > 2.13.0 > -- paul moore www.paul-moore.com
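Review bot: freeing at `err:` is reached from more than the no-connection path: the `if (ac && rc == -ECONNREFUSED)` guard shows the label is also used after the connection lookup succeeded, i.e. after the skb has been handed to netlink_unicast(), which frees the skb itself when it fails. An unconditional kfree_skb() at the label therefore double frees on a failed send; the narrower fix of freeing only in the `!ac` branch is the right shape.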

Re: [PATCH v3 04/15] selinux: Refactor to remove bprm_secureexec hook

2017-07-20 Thread Paul Moore
On Wed, Jul 19, 2017 at 9:37 PM, Kees Cook <keesc...@chromium.org> wrote: > On Wed, Jul 19, 2017 at 5:19 PM, Paul Moore <p...@paul-moore.com> wrote: >> On Wed, Jul 19, 2017 at 8:03 PM, Paul Moore <p...@paul-moore.com> wrote: >>> On Tue, Jul 18, 2017 at 6:25

Re: [GIT PULL] Audit fix for v4.13 (#1)

2017-07-20 Thread Paul Moore
On Thu, Jul 20, 2017 at 1:25 PM, Linus Torvalds <torva...@linux-foundation.org> wrote: > On Thu, Jul 20, 2017 at 8:07 AM, Paul Moore <p...@paul-moore.com> wrote: >> >> git://git.infradead.org/users/pcmoore/audit stable-4.13 > > Pulled. Thanks. > However, I'm

[GIT PULL] Audit fix for v4.13 (#1)

2017-07-20 Thread Paul Moore
) Shu Wang (1): audit: fix memleak in auditd_send_unicast_skb. kernel/audit.c | 1 + 1 file changed, 1 insertion(+) -- paul moore www.paul-moore.com

Re: [PATCH v3 04/15] selinux: Refactor to remove bprm_secureexec hook

2017-07-21 Thread Paul Moore
On Fri, Jul 21, 2017 at 1:37 PM, Kees Cook <keesc...@chromium.org> wrote: > On Fri, Jul 21, 2017 at 8:40 AM, Paul Moore <p...@paul-moore.com> wrote: >> On Thu, Jul 20, 2017 at 4:42 PM, Paul Moore <p...@paul-moore.com> wrote: >>> On Thu, Jul 20, 2017 at 1:06

Re: [PATCH v3 02/15] exec: Rename bprm->cred_prepared to called_set_creds

2017-07-19 Thread Paul Moore
. > > Cc: David Howells <dhowe...@redhat.com> > Cc: John Johansen <john.johan...@canonical.com> > Cc: Paul Moore <p...@paul-moore.com> > Cc: Stephen Smalley <s...@tycho.nsa.gov> > Cc: Casey Schaufler <ca...@schaufler-ca.com> > Cc: James Mo

Re: [PATCH v3 04/15] selinux: Refactor to remove bprm_secureexec hook

2017-07-19 Thread Paul Moore
_creds hook via > prepare_binprm() (subsequent calls due to binfmt_script, etc, are ignored > via bprm->called_set_creds). > > Here, the test can just happen at the end of the bprm_set_creds hook, > and the bprm_secureexec hook can be dropped. > > Cc: Paul Moore <p..

Re: [PATCH v3 04/15] selinux: Refactor to remove bprm_secureexec hook

2017-07-19 Thread Paul Moore
On Wed, Jul 19, 2017 at 8:03 PM, Paul Moore <p...@paul-moore.com> wrote: > On Tue, Jul 18, 2017 at 6:25 PM, Kees Cook <keesc...@chromium.org> wrote: >> The SELinux bprm_secureexec hook can be merged with the bprm_set_creds >> hook since it's dealing with th

Re: [PATCH] audit: fix memleak in auditd_send_unicast_skb.

2017-07-19 Thread Paul Moore
On Tue, Jul 18, 2017 at 8:10 PM, Shu Wang <shuw...@redhat.com> wrote: > - Original Message - >> From: "Paul Moore" <p...@paul-moore.com> >> To: shuw...@redhat.com >> Cc: "Eric Paris" <epa...@redhat.com>, linux-au...@redhat.com,

Re: [PATCH v3 04/15] selinux: Refactor to remove bprm_secureexec hook

2017-07-20 Thread Paul Moore
On Thu, Jul 20, 2017 at 1:06 PM, Kees Cook <keesc...@chromium.org> wrote: > On Thu, Jul 20, 2017 at 6:42 AM, Paul Moore <p...@paul-moore.com> wrote: >> Alternatively, if you've got a fairly recent git repo with all the >> patches merged I can build a test kernel

Re: [PATCH v3 04/15] selinux: Refactor to remove bprm_secureexec hook

2017-07-21 Thread Paul Moore
On Thu, Jul 20, 2017 at 4:42 PM, Paul Moore <p...@paul-moore.com> wrote: > On Thu, Jul 20, 2017 at 1:06 PM, Kees Cook <keesc...@chromium.org> wrote: >> On Thu, Jul 20, 2017 at 6:42 AM, Paul Moore <p...@paul-moore.com> wrote: >>> Alternatively, if you've g

Re: [PATCH ALT4 V2 2/2] audit: filter PATH records keyed on filesystem magic

2017-06-28 Thread Paul Moore
On Tue, Jun 27, 2017 at 4:45 PM, Richard Guy Briggs <r...@redhat.com> wrote: > On 2017-05-30 17:30, Paul Moore wrote: >> On Tue, Apr 4, 2017 at 5:21 AM, Richard Guy Briggs <r...@redhat.com> wrote: >> > Tracefs or debugfs were causing hundreds to thousands of PATH

Re: [PATCH ALT4 V2 1/2] audit: show fstype:pathname for entries with anonymous parents

2017-06-28 Thread Paul Moore
On Tue, Jun 27, 2017 at 5:11 PM, Richard Guy Briggs <r...@redhat.com> wrote: > On 2017-05-30 17:21, Paul Moore wrote: >> On Tue, Apr 4, 2017 at 5:21 AM, Richard Guy Briggs <r...@redhat.com> wrote: ... >> > diff --git a/kernel/audit.c b/kernel/audit.c >

[GIT PULL] Audit patches for v4.13

2017-07-03 Thread Paul Moore
for you to fetch changes up to cd33f5f2cbfaadc21270f3ddac7c3c33e0a1a28c: audit: make sure we never skip the multicast broadcast (2017-06-16 11:51:00 -0400) Derek Robson (1): audit: style fix Paul Moore (2): audit: fix

Re: [Regression?] "selinux: add a map permission check for mmap" causing AOSP to fail booting

2017-07-06 Thread Paul Moore
On Thu, Jul 6, 2017 at 9:30 AM, Paul Moore <p...@paul-moore.com> wrote: > On Thu, Jul 6, 2017 at 1:32 AM, John Stultz <john.stu...@linaro.org> wrote: >> Hey folks, >>I updated my HiKey kernel tree to linus/master today and it stopped >> booting (hitting errors

Re: [Regression?] "selinux: add a map permission check for mmap" causing AOSP to fail booting

2017-07-06 Thread Paul Moore
or a number of object classes. The solution is to either update your SELinux policy to include the SELinux policy, or to allow unknown object classes and permissions. What distribution are you running (where are you getting your SELinux policy and userspace)? I would suggest starting a conversation there, I'm happy to lend a hand if you need some help explaining the situation. -- paul moore www.paul-moore.com

Re: [PATCH] audit: convert AUDIT_FILTER_PATH to AUDIT_FILTER_FS

2017-06-27 Thread Paul Moore
er.c | 10 +- > kernel/auditsc.c |2 +- > 3 files changed, 9 insertions(+), 9 deletions(-) Considering that the original AUDIT_FILTER_PATH haven't been merged yet (they were waiting on a userspace discussion for reasons like this), please just fold this change into the

Re: Boot regression caused by kauditd

2017-04-26 Thread Paul Moore
something? I realize you aren't able to reproduce this reliably, but if you do, any chance you try it with Linus' tree? I'd like to see if we can rule out the changes in net-next (my testing doesn't typically include net-next patches). -- paul moore www.paul-moore.com

Re: Boot regression caused by kauditd

2017-04-28 Thread Paul Moore
On Fri, Apr 28, 2017 at 12:11 PM, Cong Wang <xiyou.wangc...@gmail.com> wrote: > On Fri, Apr 28, 2017 at 8:30 AM, Paul Moore <p...@paul-moore.com> wrote: >> On Thu, Apr 27, 2017 at 8:47 PM, Paul Moore <p...@paul-moore.com> wrote: >>> In that case please sen

Re: Boot regression caused by kauditd

2017-04-27 Thread Paul Moore
On Thu, Apr 27, 2017 at 5:45 PM, Cong Wang <xiyou.wangc...@gmail.com> wrote: > On Thu, Apr 27, 2017 at 2:35 PM, Cong Wang <xiyou.wangc...@gmail.com> wrote: >> On Thu, Apr 27, 2017 at 1:31 PM, Cong Wang <xiyou.wangc...@gmail.com> wrote: >>> On Wed, Apr 26, 20

Re: Boot regression caused by kauditd

2017-04-28 Thread Paul Moore
On Thu, Apr 27, 2017 at 8:47 PM, Paul Moore <p...@paul-moore.com> wrote: > In that case please send a proper inline patch to the audit mailing list > and we'll review it. > > Thanks. Now that I'm back in front of a proper screen/keyboard I've been looking over your patch and

Re: Boot regression caused by kauditd

2017-04-27 Thread Paul Moore
In that case please send a proper inline patch to the audit mailing list and we'll review it. Thanks. -- paul moore www.paul-moore.com On April 27, 2017 7:41:45 PM Cong Wang <xiyou.wangc...@gmail.com> wrote: > On Thu, Apr 27, 2017 at 3:38 PM, Paul Moore <p...@paul-moore.com> w

Re: suspicious __GFP_NOMEMALLOC in selinux

2017-08-04 Thread Paul Moore
On Fri, Aug 4, 2017 at 3:56 AM, Michal Hocko <mho...@kernel.org> wrote: > On Thu 03-08-17 14:17:26, Paul Moore wrote: >> On Thu, Aug 3, 2017 at 7:05 AM, Michal Hocko <mho...@kernel.org> wrote: >> > On Thu 03-08-17 19:44:46, Tetsuo Handa wrote: > [...] >>

Re: [RESEND PATCH 2/6] ipc: mqueue: Replace timespec with timespec64

2017-07-28 Thread Paul Moore
On Fri, Jul 28, 2017 at 4:44 PM, Deepa Dinamani <deepa.ker...@gmail.com> wrote: > On Fri, Jul 28, 2017 at 1:15 PM, Paul Moore <p...@paul-moore.com> wrote: >> On Fri, Jul 28, 2017 at 2:52 PM, Deepa Dinamani <deepa.ker...@gmail.com> >> wrote: >>> struct t
