On Tue, Aug 29, 2023 at 2:24 PM Phil Sutter <[email protected]> wrote: > > Resetting rules' stateful data happens outside of the transaction logic, > so 'get' and 'dump' handlers have to emit audit log entries themselves. > > Cc: Richard Guy Briggs <[email protected]> > Fixes: 8daa8fde3fc3f ("netfilter: nf_tables: Introduce NFT_MSG_GETRULE_RESET") > Signed-off-by: Phil Sutter <[email protected]> > --- > include/linux/audit.h | 1 + > kernel/auditsc.c | 1 + > net/netfilter/nf_tables_api.c | 18 ++++++++++++++++++ > 3 files changed, 20 insertions(+)
See my comments in patch 1/2. Acked-by: Paul Moore <[email protected]> -- paul-moore.com -- Linux-audit mailing list [email protected] https://listman.redhat.com/mailman/listinfo/linux-audit
