Error handling of auditctl -w

2020-06-16 Thread Stefan Tauner
Hi, I was wondering why my auditctl executions do not print any errors but apparently didn't do anything. After checking the return value (which was 255) I looked at the code and noticed that audit_setup_perms() and audit_update_watch_perms() have virtually no user-visible error reporting. --

Re: [PATCH 1/2] integrity: Add errno field in audit message

2020-06-16 Thread Steve Grubb
On Tuesday, June 16, 2020 3:53:40 PM EDT Mimi Zohar wrote: > On Tue, 2020-06-16 at 11:55 -0400, Steve Grubb wrote: > > On Tuesday, June 16, 2020 11:43:31 AM EDT Lakshmi Ramasubramanian wrote: > > > On 6/16/20 8:29 AM, Steve Grubb wrote: > > > > The idea is a good idea, but you're assuming that

Re: [PATCH 1/2] integrity: Add errno field in audit message

2020-06-16 Thread Mimi Zohar
On Tue, 2020-06-16 at 11:55 -0400, Steve Grubb wrote: > On Tuesday, June 16, 2020 11:43:31 AM EDT Lakshmi Ramasubramanian wrote: > > On 6/16/20 8:29 AM, Steve Grubb wrote: > > > The idea is a good idea, but you're assuming that "result" is always > > > errno. That was probably true

Re: [PATCH 1/2] integrity: Add errno field in audit message

2020-06-16 Thread Steve Grubb
On Tuesday, June 16, 2020 11:43:31 AM EDT Lakshmi Ramasubramanian wrote: > On 6/16/20 8:29 AM, Steve Grubb wrote: > > The idea is a good idea, but you're assuming that "result" is always > > errno. That was probably true originally, but isn't now. For > > example,

Re: [PATCH 1/2] integrity: Add errno field in audit message

2020-06-16 Thread Lakshmi Ramasubramanian
On 6/16/20 8:29 AM, Steve Grubb wrote: The idea is a good idea, but you're assuming that "result" is always errno. That was probably true originally, but isn't now. For example, ima_appraise_measurement() calls xattr_verify(), which compares the security.ima hash with the calculated file

Re: [PATCH v2 1/2] integrity: Add result field in audit message

2020-06-16 Thread Steve Grubb
On Monday, June 15, 2020 6:51:22 PM EDT Paul Moore wrote: > On Fri, Jun 12, 2020 at 10:26 PM Lakshmi Ramasubramanian > > wrote: > > Result code is not included in the audit messages logged by > > the integrity subsystem. Add "result" field in the audit messages > > logged by the integrity

Re: [PATCH 1/2] integrity: Add errno field in audit message

2020-06-16 Thread Steve Grubb
On Monday, June 15, 2020 6:58:13 PM EDT Paul Moore wrote: > On Mon, Jun 15, 2020 at 6:23 PM Steve Grubb wrote: > > On Friday, June 12, 2020 3:50:14 PM EDT Lakshmi Ramasubramanian wrote: > > > On 6/12/20 12:25 PM, Mimi Zohar wrote: > > > > The idea is a good idea, but you're assuming that "result"

[PATCH ghau86] allow LOGIN event record to be grouped with its SYSCALL record

2020-06-16 Thread Richard Guy Briggs
LOGIN records were not grouped with the rest of their event, records with the identical timestamp and serial number: time->Tue Mar 19 12:23:15 2019 type=LOGIN msg=audit(1553012595.401:219): pid=647 uid=0 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 old-auid=4294967295 auid=0