On 06/06/2018 12:58 PM, Richard Guy Briggs wrote:
Implement kernel audit container identifier.
What tree does this series build upon as a base? I don't seem to find
one with the necessary base patches applied.
Stefan
--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redha
="/usr/bin/echo" \
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
Signed-off-by: Stefan Berger
---
include/uapi/linux/audit.h | 1 +
security/integrity/ima/ima_policy.c | 4 ++--
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/include/uapi/linux/audit.h b/include/ua
Remove the usage of audit_log_string() and replace it with
audit_log_format().
Signed-off-by: Stefan Berger
Suggested-by: Steve Grubb
Reviewed-by: Mimi Zohar
Acked-by: Paul Moore
---
security/integrity/ima/ima_policy.c | 3 +--
security/integrity/integrity_audit.c | 6 +-
2 files
that extended existing messages with missing
fields
- Using audit_log_task_info() for new record type in last patch
- rebased on security-next; new message type is now 1807
Stefan Berger (4):
ima: Call audit_log_string() rather than logging it untrusted
ima: Use audit_log_format
If Integrity is not auditing, IMA shouldn't audit, either.
Signed-off-by: Stefan Berger
---
security/integrity/ima/Kconfig | 1 +
security/integrity/ima/ima_policy.c | 6 +-
security/integrity/integrity.h | 15 +++
3 files changed, 21 insertions(+), 1 del
The parameters passed to this logging function are all provided by
a privileged user and therefore we can call audit_log_string()
rather than audit_log_untrustedstring().
Signed-off-by: Stefan Berger
Suggested-by: Steve Grubb
Acked-by: Paul Moore
---
security/integrity/ima/ima_policy.c | 2
On 06/01/2018 04:13 PM, Paul Moore wrote:
On Fri, Jun 1, 2018 at 4:00 PM, Stefan Berger
wrote:
On 05/30/2018 07:34 PM, Richard Guy Briggs wrote:
On 2018-05-30 17:38, Stefan Berger wrote:
On 05/30/2018 05:22 PM, Paul Moore wrote:
On Wed, May 30, 2018 at 9:08 AM, Stefan Berger
wrote:
On 05
On 05/30/2018 07:34 PM, Richard Guy Briggs wrote:
On 2018-05-30 17:38, Stefan Berger wrote:
On 05/30/2018 05:22 PM, Paul Moore wrote:
On Wed, May 30, 2018 at 9:08 AM, Stefan Berger
wrote:
On 05/30/2018 08:49 AM, Richard Guy Briggs wrote:
On 2018-05-24 16:11, Stefan Berger wrote:
The
The parameters passed to this logging function are all provided by
a privileged user and therefore we can call audit_log_string()
rather than audit_log_untrustedstring().
Signed-off-by: Stefan Berger
Suggested-by: Steve Grubb
Acked-by: Paul Moore
---
security/integrity/ima/ima_policy.c | 2
Remove the usage of audit_log_string() and replace it with
audit_log_format().
Signed-off-by: Stefan Berger
Suggested-by: Steve Grubb
Reviewed-by: Mimi Zohar
Acked-by: Paul Moore
---
security/integrity/ima/ima_policy.c | 3 +--
security/integrity/integrity_audit.c | 6 +-
2 files
; exe="/usr/bin/echo" \
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 res=1
Signed-off-by: Stefan Berger
---
include/uapi/linux/audit.h | 1 +
security/integrity/ima/ima_policy.c | 12 +---
2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/includ
If Integrity is not auditing, IMA shouldn't audit, either.
Signed-off-by: Stefan Berger
---
security/integrity/ima/Kconfig | 1 +
security/integrity/ima/ima_policy.c | 6 +-
security/integrity/integrity.h | 15 +++
3 files changed, 21 insertions(+), 1 del
ask_info() for new record type in last patch
- rebased on security-next; new message type is now 1807
Stefan Berger (4):
ima: Call audit_log_string() rather than logging it untrusted
ima: Use audit_log_format() rather than audit_log_string()
ima: Do not audit if CONFIG_INTEGRITY_AUDIT is not s
On 05/30/2018 06:00 PM, Mimi Zohar wrote:
On Wed, 2018-05-30 at 17:49 -0400, Stefan Berger wrote:
So the other choice is to only keep patches 1,2, 6, and 7, so leave most
of the integrity audit messages untouched. Then only create a different
format for the new AUDIT_INTEGRITY_POLICY_RULE
On 05/30/2018 05:24 PM, Paul Moore wrote:
On Wed, May 30, 2018 at 3:54 PM, Stefan Berger
wrote:
On 05/30/2018 12:27 PM, Steve Grubb wrote:
On Wednesday, May 30, 2018 11:25:05 AM EDT Stefan Berger wrote:
On 05/30/2018 11:15 AM, Steve Grubb wrote:
On Wednesday, May 30, 2018 9:54:00 AM EDT
On 05/30/2018 05:22 PM, Paul Moore wrote:
On Wed, May 30, 2018 at 9:08 AM, Stefan Berger
wrote:
On 05/30/2018 08:49 AM, Richard Guy Briggs wrote:
On 2018-05-24 16:11, Stefan Berger wrote:
The AUDIT_INTEGRITY_RULE is used for auditing IMA policy rules and
the IMA "audit" policy act
On 05/30/2018 12:27 PM, Steve Grubb wrote:
On Wednesday, May 30, 2018 11:25:05 AM EDT Stefan Berger wrote:
On 05/30/2018 11:15 AM, Steve Grubb wrote:
On Wednesday, May 30, 2018 9:54:00 AM EDT Stefan Berger wrote:
On 05/29/2018 05:30 PM, Steve Grubb wrote:
Hello,
On Thursday, May 24, 2018 4
On 05/29/2018 05:07 PM, Paul Moore wrote:
On Thu, May 24, 2018 at 4:11 PM, Stefan Berger
wrote:
+void audit_log_tty(struct audit_buffer *ab, struct task_struct *tsk)
+{
+ struct tty_struct *tty = audit_get_tty(tsk);
+
+ audit_log_format(ab, " tty=%s", tty ? tty_name(tty
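Review bot: audit_get_tty() takes a reference on the task's tty (it is paired with audit_put_tty()), and the quoted lines end at the audit_log_format() call without showing that reference being dropped; make sure audit_put_tty(tty) follows the format call so audit_log_tty() does not leak a tty reference on every record.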
On 05/30/2018 11:15 AM, Steve Grubb wrote:
On Wednesday, May 30, 2018 9:54:00 AM EDT Stefan Berger wrote:
On 05/29/2018 05:30 PM, Steve Grubb wrote:
Hello,
On Thursday, May 24, 2018 4:11:05 PM EDT Stefan Berger wrote:
The AUDIT_INTEGRITY_RULE is used for auditing IMA policy rules and
the IMA
On 05/29/2018 05:30 PM, Steve Grubb wrote:
Hello,
On Thursday, May 24, 2018 4:11:05 PM EDT Stefan Berger wrote:
The AUDIT_INTEGRITY_RULE is used for auditing IMA policy rules and
the IMA "audit" policy action. This patch defines
AUDIT_INTEGRITY_POLICY_RULE to reflect the IMA po
On 05/30/2018 08:49 AM, Richard Guy Briggs wrote:
On 2018-05-24 16:11, Stefan Berger wrote:
The AUDIT_INTEGRITY_RULE is used for auditing IMA policy rules and
the IMA "audit" policy action. This patch defines
AUDIT_INTEGRITY_POLICY_RULE to reflect the IMA policy rules.
With this cha
On 05/29/2018 05:32 PM, Steve Grubb wrote:
On Thursday, May 24, 2018 4:11:03 PM EDT Stefan Berger wrote:
Factor out a common part of integrity_audit_msg() that others
can also call.
After all of these changes, do you mind sending an example event for testing/
review?
Adding example to 5/8
On 05/29/2018 05:19 PM, Paul Moore wrote:
On Thu, May 24, 2018 at 4:11 PM, Stefan Berger
wrote:
Use the new public audit functions to add the exe= and tty=
parts to the integrity audit records. We place them before
res=.
Signed-off-by: Stefan Berger
Suggested-by: Steve Grubb
---
security
Factor out a common part of integrity_audit_msg() that others
can also call.
Signed-off-by: Stefan Berger
---
security/integrity/integrity.h | 16
security/integrity/integrity_audit.c | 24
2 files changed, 32 insertions(+), 8 deletions(-)
diff
common for audit records
produced by IMA. Besides that we introduce a new record type
that IMA creates while parsing policy rules.
Stefan
Stefan Berger (8):
ima: Call audit_log_string() rather than logging it untrusted
ima: Use audit_log_format() rather than audit_log_string()
audit:
" exe="/usr/bin/echo" \
tty=tty2 res=1
Signed-off-by: Stefan Berger
---
include/uapi/linux/audit.h | 3 ++-
security/integrity/ima/ima_policy.c | 5 +++--
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/include/uapi/linux/audit.h b/include/uapi/li
Use the new public audit functions to add the exe= and tty=
parts to the integrity audit records. We place them before
res=.
Signed-off-by: Stefan Berger
Suggested-by: Steve Grubb
---
security/integrity/integrity_audit.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/security/integrity
Remove the usage of audit_log_string() and replace it with
audit_log_format().
Signed-off-by: Stefan Berger
Suggested-by: Steve Grubb
Reviewed-by: Mimi Zohar
---
security/integrity/ima/ima_policy.c | 3 +--
security/integrity/integrity_audit.c | 6 +-
2 files changed, 2 insertions(+), 7
The parameters passed to this logging function are all provided by
a privileged user and therefore we can call audit_log_string()
rather than audit_log_untrustedstring().
Signed-off-by: Stefan Berger
Suggested-by: Steve Grubb
---
security/integrity/ima/ima_policy.c | 2 +-
1 file changed, 1
If Integrity is not auditing, IMA shouldn't audit, either.
Signed-off-by: Stefan Berger
---
security/integrity/ima/Kconfig | 1 +
security/integrity/ima/ima_policy.c | 6 +-
security/integrity/integrity.h | 10 ++
3 files changed, 16 insertions(+), 1 deletion(-)
Implement audit_log_tty() so that IMA can add tty= to its audit records.
Signed-off-by: Stefan Berger
---
include/linux/audit.h | 5 +
kernel/audit.c | 8
2 files changed, 13 insertions(+)
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 90aa63ddc9be
Add the prototype for audit_log_d_path_exe() so that it can be
called by IMA later in this series.
Signed-off-by: Stefan Berger
Reviewed-by: Mimi Zohar
---
include/linux/audit.h | 5 +
1 file changed, 5 insertions(+)
diff --git a/include/linux/audit.h b/include/linux/audit.h
index
On 05/21/2018 02:30 PM, Steve Grubb wrote:
Hello Stefan,
On Monday, May 21, 2018 1:53:04 PM EDT Stefan Berger wrote:
On 05/21/2018 12:58 PM, Steve Grubb wrote:
On Thursday, May 17, 2018 10:18:13 AM EDT Stefan Berger wrote:
audit_log_container_info() then releasing the local context. This
On 05/21/2018 01:21 PM, Steve Grubb wrote:
On Friday, May 18, 2018 12:34:24 PM EDT Mimi Zohar wrote:
On Fri, 2018-05-18 at 11:56 -0400, Richard Guy Briggs wrote:
On 2018-05-18 10:39, Mimi Zohar wrote:
On Fri, 2018-05-18 at 09:54 -0400, Stefan Berger wrote:
On 05/18/2018 08:53 AM, Mimi Zohar
On 05/21/2018 12:58 PM, Steve Grubb wrote:
On Thursday, May 17, 2018 10:18:13 AM EDT Stefan Berger wrote:
audit_log_container_info() then releasing the local context. This
version of the record has additional concerns covered here:
https://github.com/linux-audit/audit-kernel/issues/52
On 05/18/2018 11:45 AM, Richard Guy Briggs wrote:
On 2018-05-18 07:49, Stefan Berger wrote:
On 05/17/2018 05:30 PM, Richard Guy Briggs wrote:
On 2018-05-17 10:18, Stefan Berger wrote:
On 03/08/2018 06:21 AM, Richard Guy Briggs wrote:
On 2018-03-05 09:24, Mimi Zohar wrote:
On Mon, 2018-03-05
On 05/18/2018 10:39 AM, Mimi Zohar wrote:
On Fri, 2018-05-18 at 09:54 -0400, Stefan Berger wrote:
On 05/18/2018 08:53 AM, Mimi Zohar wrote:
[..]
If so, which ones? We could probably refactor the current
integrity_audit_message() and have ima_parse_rule() call into it to get
those fields as
On 05/18/2018 08:53 AM, Mimi Zohar wrote:
On Fri, 2018-05-18 at 07:49 -0400, Stefan Berger wrote:
On 05/17/2018 05:30 PM, Richard Guy Briggs wrote:
[...]
auxiliary record either by being converted to a syscall auxiliary record
by using current->audit_context rather than NULL when call
On 05/17/2018 05:30 PM, Richard Guy Briggs wrote:
On 2018-05-17 10:18, Stefan Berger wrote:
On 03/08/2018 06:21 AM, Richard Guy Briggs wrote:
On 2018-03-05 09:24, Mimi Zohar wrote:
On Mon, 2018-03-05 at 08:50 -0500, Richard Guy Briggs wrote:
On 2018-03-05 08:43, Mimi Zohar wrote:
Hi Richard
On 03/08/2018 06:21 AM, Richard Guy Briggs wrote:
On 2018-03-05 09:24, Mimi Zohar wrote:
On Mon, 2018-03-05 at 08:50 -0500, Richard Guy Briggs wrote:
On 2018-03-05 08:43, Mimi Zohar wrote:
Hi Richard,
This patch has been compiled, but not runtime tested.
Ok, great, thank you. I assume you a
On 04/18/2018 03:23 PM, Richard Guy Briggs wrote:
On 2018-04-18 14:45, Stefan Berger wrote:
On 03/15/2018 11:58 PM, Richard Guy Briggs wrote:
On 2018-03-15 16:27, Stefan Berger wrote:
On 03/01/2018 02:41 PM, Richard Guy Briggs wrote:
Implement the proc fs write to set the audit container ID
On 03/15/2018 11:58 PM, Richard Guy Briggs wrote:
On 2018-03-15 16:27, Stefan Berger wrote:
On 03/01/2018 02:41 PM, Richard Guy Briggs wrote:
Implement the proc fs write to set the audit container ID of a process,
emitting an AUDIT_CONTAINER record to document the event.
This is a write from
On 03/01/2018 02:41 PM, Richard Guy Briggs wrote:
Implement the proc fs write to set the audit container ID of a process,
emitting an AUDIT_CONTAINER record to document the event.
This is a write from the container orchestrator task to a proc entry of
the form /proc/PID/containerid where PID is