Re: [PATCH] audit: update bugtracker and source URIs

2018-02-03 Thread Paul Moore 
On Sat, Feb 3, 2018 at 12:33 AM, Richard Guy Briggs  wrote:
> Since the Linux Audit project has transitioned completely over to
> github, update the MAINTAINERS file and the primary audit source file to
> reflect that reality.
>
> Signed-off-by: Richard Guy Briggs 
> ---
>  MAINTAINERS| 1 -
>  kernel/audit.c | 3 ++-
>  2 files changed, 2 insertions(+), 2 deletions(-)

Thanks for the revision, especially considering it was a really small
nit.  I'll queue this up for after the merge window.

> diff --git a/MAINTAINERS b/MAINTAINERS
> index 845fc25..fba4875 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -2479,7 +2479,6 @@ M:Paul Moore 
>  M: Eric Paris 
>  L: linux-audit@redhat.com (moderated for non-subscribers)
>  W: https://github.com/linux-audit
> -W: https://people.redhat.com/sgrubb/audit
>  T: git git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git
>  S: Supported
>  F: include/linux/audit.h
> diff --git a/kernel/audit.c b/kernel/audit.c
> index 227db99..5c25449 100644
> --- a/kernel/audit.c
> +++ b/kernel/audit.c
> @@ -38,7 +38,8 @@
>   *   6) Support low-overhead kernel-based filtering to minimize the
>   *  information that must be passed to user-space.
>   *
> - * Example user-space utilities: http://people.redhat.com/sgrubb/audit/
> + * Audit userspace, documentation, tests, and bug/issue trackers:
> + * https://github.com/linux-audit
>   */
>
>  #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> --
> 1.8.3.1
>
> --
> Linux-audit mailing list
> Linux-audit@redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit



-- 
paul moore
www.paul-moore.com

--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit

Re: RFC(V3): Audit Kernel Container IDs

2018-02-03 Thread Serge E. Hallyn 
On Fri, Feb 02, 2018 at 05:05:22PM -0500, Paul Moore wrote:
> On Tue, Jan 9, 2018 at 7:16 AM, Richard Guy Briggs  wrote:
> > Containers are a userspace concept.  The kernel knows nothing of them.
> >
> > The Linux audit system needs a way to be able to track the container
> > provenance of events and actions.  Audit needs the kernel's help to do
> > this.
> 
> Two small comments below, but I tend to think we are at a point where
> you can start cobbling together some prototype/RFC patches.  Surely

Agreed.

LGTM.

> there are going to be a few changes, and new comments, that come out
> once we see an initial implementation so let's see what those are.

thanks,
-serge

--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit