On Thu, 2013-06-20 at 11:02 +0800, Gao feng wrote:
On 06/20/2013 04:51 AM, Eric Paris wrote:
On Wed, 2013-06-19 at 16:49 -0400, Aristeu Rozanski wrote:
On Wed, Jun 19, 2013 at 09:53:32AM +0800, Gao feng wrote:
This patchset is first part of namespace support for audit.
in this patchset,
This patchset is first part of namespace support for audit.
in this patchset, the mainly resources of audit system have
been isolated. the audit filter, rules havn't been isolated
now. It will be implemented in Part2. We finished the isolation
of user audit message in this patchset.
I choose to
On Wed, Jun 19, 2013 at 09:53:32AM +0800, Gao feng wrote:
This patchset is first part of namespace support for audit.
in this patchset, the mainly resources of audit system have
been isolated. the audit filter, rules havn't been isolated
now. It will be implemented in Part2. We finished the
Eric Paris epa...@redhat.com writes:
On Wed, 2013-06-19 at 16:49 -0400, Aristeu Rozanski wrote:
On Wed, Jun 19, 2013 at 09:53:32AM +0800, Gao feng wrote:
This patchset is first part of namespace support for audit.
in this patchset, the mainly resources of audit system have
been isolated.
This patch moves the integrity_audit_msg() function and defintion to
security/integrity/, the parent directory, renames the 'ima_audit'
boot command line option to 'integrity_audit', and fixes the Kconfig
help text to reflect the actual code.
Changelog:
- Fixed ifdef inclusion of
Before modifying an EVM protected extended attribute or any other
metadata included in the HMAC calculation, the existing 'security.evm'
is verified. This patch adds calls to integrity_audit_msg() to audit
integrity metadata failures.
Reported-by: Sven Vermeulen sven.vermeu...@siphos.be
On 06/20/2013 09:02 PM, Eric Paris wrote:
On Thu, 2013-06-20 at 11:02 +0800, Gao feng wrote:
On 06/20/2013 04:51 AM, Eric Paris wrote:
On Wed, 2013-06-19 at 16:49 -0400, Aristeu Rozanski wrote:
On Wed, Jun 19, 2013 at 09:53:32AM +0800, Gao feng wrote:
This patchset is first part of namespace
On 06/21/2013 06:01 AM, Eric W. Biederman wrote:
Gao feng gaof...@cn.fujitsu.com writes:
On 06/20/2013 11:02 AM, Gao feng wrote:
If we don't tie audit to user namespace, there is still one problem.
One more problem. some audit messages are generated by some net subsystem
such as netfilter.