Re: seccomp and audit_enabled

2015-11-20 Thread Paul Moore
On Fri, Nov 20, 2015 at 12:51 PM, Tony Jones wrote:
> Any comments on this? Current interaction between enabled_enabled and dummy
> flag seems wrong to me. I can code up
> a patch.

It's on my todo list for this development cycle, I've just been a little busy lately with the

Re: seccomp and audit_enabled

2015-11-06 Thread Tony Jones
On 10/13/2015 12:19 PM, Paul Moore wrote:
> Yes, if systemd is involved it enables audit; we've had some
> discussions with the systemd folks about fixing that, but they haven't
> gone very far. I'm still a little curious as to why
> audit_dummy_context() is false in this case, but I haven't

Re: seccomp and audit_enabled

2015-11-06 Thread Tony Jones
in your distribution? If so,
> that might add more ammunition to get that fixed.

Hi Steve we only have the one bug and it's related to:
1) noisy klog between when systemd enables audit and user manually disables it (rh bz#1160046)
2) after user manually disables audit (audit_enabled=0) seccomp me

Re: seccomp and audit_enabled

2015-10-13 Thread Paul Moore
On Mon, Oct 12, 2015 at 4:45 PM, Kees Cook wrote:
> On Mon, Oct 12, 2015 at 10:53 AM, Tony Jones wrote:
>> From d6971ec9508244f7a1ab42f9ac4c59b7e1ca6145 Mon Sep 17 00:00:00 2001
>> From: Tony Jones
>> Date: Sat, 10 Oct 2015 19:30:49 -0700
>>

Re: seccomp and audit_enabled

2015-10-13 Thread Tony Jones
On 10/13/2015 09:11 AM, Paul Moore wrote:
> On Mon, Oct 12, 2015 at 4:45 PM, Kees Cook wrote:
>> On Mon, Oct 12, 2015 at 10:53 AM, Tony Jones wrote:
>>> From d6971ec9508244f7a1ab42f9ac4c59b7e1ca6145 Mon Sep 17 00:00:00 2001
>>> From: Tony Jones

Re: seccomp and audit_enabled

2015-10-13 Thread Tony Jones
On 10/13/2015 12:19 PM, Paul Moore wrote:
>> No, it's the default audit.rules (-D, -b320). No actual rules loaded.
>> Let me add some instrumentation and figure out what's going on. auditd
>> is masked (via systemd) but systemd-journal seems to set audit_enabled=1
>> during startup (at least

Re: seccomp and audit_enabled

2015-10-12 Thread Paul Moore
On Friday, October 09, 2015 08:50:01 PM Tony Jones wrote:
> Hi.
>
> What is the expected handling of AUDIT_SECCOMP if audit_enabled == 0?
> Opera browser makes use of a sandbox and if audit_enabled == 0 (and no
> auditd is running) there is a lot of messages dumped to the klog. The fix
> to

Re: seccomp and audit_enabled

2015-10-12 Thread Paul Moore
My apologies for the resend, I had the wrong email for Kees.

On Monday, October 12, 2015 11:29:43 AM Paul Moore wrote:
> On Friday, October 09, 2015 08:50:01 PM Tony Jones wrote:
> > Hi.
> >
> > What is the expected handling of AUDIT_SECCOMP if audit_enabled == 0?
> > Opera browser makes use of

Re: seccomp and audit_enabled

2015-10-12 Thread Tony Jones
On 10/12/2015 08:40 AM, Paul Moore wrote:
> My apologies for the resend, I had the wrong email for Kees.
>
> On Monday, October 12, 2015 11:29:43 AM Paul Moore wrote:
>> On Friday, October 09, 2015 08:50:01 PM Tony Jones wrote:
>>> Hi.
>>>
>>> What is the expected handling of AUDIT_SECCOMP if

Re: seccomp and audit_enabled

2015-10-12 Thread Kees Cook
On Mon, Oct 12, 2015 at 10:53 AM, Tony Jones wrote:
> On 10/12/2015 08:40 AM, Paul Moore wrote:
>> My apologies for the resend, I had the wrong email for Kees.

(I keep asking for that alias, but no luck...)

>> On Monday, October 12, 2015 11:29:43 AM Paul Moore wrote:
>>> On