/scm/linux/kernel/git/pcmoore/audit.git
tags/audit-pr-20180605
for you to fetch changes up to 5b71388663c0920848c0ee7de946970a2692b76d:
audit: Fix wrong task in comparison of session ID
(2018-05-21 14:27:43 -0400)
audit/stable
Remove comparison of audit_enabled to magic numbers outside of audit.
Related: https://github.com/linux-audit/audit-kernel/issues/86
Signed-off-by: Richard Guy Briggs
---
drivers/tty/tty_audit.c | 2 +-
include/linux/audit.h| 5 -
include/net/xfrm.h | 2 +-
On Tue, Jun 5, 2018 at 10:15 AM, Mimi Zohar wrote:
> Hi Paul,
>
> On Mon, 2018-06-04 at 20:21 -0400, Paul Moore wrote:
>> On Mon, Jun 4, 2018 at 4:54 PM, Stefan Berger
>> wrote:
>> > The AUDIT_INTEGRITY_RULE is used for auditing IMA policy rules and
>> > the IMA "audit" policy action. This
Hi Paul,
On Mon, 2018-06-04 at 20:21 -0400, Paul Moore wrote:
> On Mon, Jun 4, 2018 at 4:54 PM, Stefan Berger
> wrote:
> > The AUDIT_INTEGRITY_RULE is used for auditing IMA policy rules and
> > the IMA "audit" policy action. This patch defines
> > AUDIT_INTEGRITY_POLICY_RULE to reflect the IMA
2018-06-05 0:19 GMT+02:00 Paul Moore:
> On Fri, Jun 1, 2018 at 4:05 PM, Richard Guy Briggs wrote:
>> On 2018-06-01 10:12, Ondrej Mosnacek wrote:
>
> ...
>
>>> audit_receive_msg -- this function doesn't work with context at all,
>>> so I wasn't sure if audit_filter should consider it being NULL
2018-06-04 22:41 GMT+02:00 Paul Moore:
> On Wed, May 30, 2018 at 4:45 AM, Ondrej Mosnacek wrote:
>> This patch removes the restriction of the AUDIT_EXE field to only
>> SYSCALL filter and teaches audit_filter to recognize this field.
>>
>> This makes it possible to write rule lists such as:
>>
The audit_filter_rules() function in auditsc.c used the in_[e]group_p()
functions to check GID/EGID match, but these functions use the current
task's credentials, while the comparison should use the credentials of
the task given to audit_filter_rules() as a parameter (tsk).
Note that we can use