[an addition]

I also believe that this log entry should include a program source and/or bytecode
checksum so the customer/our support can verify that exactly this eBPF program was
loaded/unloaded, and not the program that someone states was loaded.

Best regards,
Vladis Dronov | Red Hat, Inc. | The Core Kernel | Senior Software Engineer

----- Original Message -----
> From: "Jiri Benc" <jb...@redhat.com>
> To: "Jiri Olsa" <jo...@redhat.com>
> Cc: "Steve Grubb" <sgr...@redhat.com>, linux-audit@redhat.com, "Stanislav 
> Kozina" <skoz...@redhat.com>, "Yauheni
> Kaliuta" <yauheni.kali...@redhat.com>, "Toke Høiland-Jørgensen" 
> <t...@redhat.com>, "Arnaldo Carvalho de Melo"
> <a...@redhat.com>, "Jesper Dangaard Brouer" <bro...@redhat.com>, "Vlad 
> Dronov" <vdro...@redhat.com>, "Petr Matousek"
> <pmato...@redhat.com>, "Rashid Khan" <rk...@redhat.com>
> Sent: Monday, November 4, 2019 2:05:18 PM
> Subject: Re: [RFC] audit support for BPF notification
> 
> Seems there has been no reply to this...
> 
> Jiri, what is the current status?
> 
> Vlad, what is the Product Security's view on this? Is the audit support
> for bpf programs loading/unloading a requirement for full support of
> eBPF (as opposed to tech preview)?
> 
> Thanks,
> 
>  Jiri

--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
