On Tue, Oct 26, 2021 at 12:03:53PM -0700, Deven Bowers wrote:
> > > The proposed LSM (IPE) of this series will be the only one to need
> > > this information at the moment. IPE’s goal is to have provide
> > > trust-based access control. Trust and Integrity are tied together,
> > > as you cannot
The existing check would never trigger since add and del are defaulted to
AUDIT_FILTER_UNSET which is not zero.
Signed-off-by: Richard Guy Briggs
---
src/auditctl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/auditctl.c b/src/auditctl.c
index
Signed-off-by: Richard Guy Briggs
---
docs/ausearch.8| 3 +
src/ausearch-common.h | 1 +
src/ausearch-llist.c | 2 +
src/ausearch-llist.h | 1 +
src/ausearch-lookup.c | 25 +
src/ausearch-lookup.h | 1 +
src/ausearch-match.c | 6 +-
src/ausearch-options.c |
Signed-off-by: Richard Guy Briggs
---
auparse/normalize.c| 1 +
auparse/normalize_record_map.h | 1 +
2 files changed, 2 insertions(+)
diff --git a/auparse/normalize.c b/auparse/normalize.c
index 0ccabc5e397e..55943263f4a4 100644
--- a/auparse/normalize.c
+++ b/auparse/normalize.c
On Thursday, October 28, 2021 3:48:39 PM EDT Richard Guy Briggs wrote:
> The former has no activity since pre-1.7.4, no in-tree users and no
> manpage, so remove it. The latter is only used locally, remove prototype.
The purpose for this is lost in time. Applied.
Thanks,
-Steve
>
On Thursday, October 28, 2021 3:48:57 PM EDT Richard Guy Briggs wrote:
> The existing check would never trigger since add and del are defaulted to
> AUDIT_FILTER_UNSET which is not zero.
Thanks! Applied.
-Steve
> Signed-off-by: Richard Guy Briggs
> ---
> src/auditctl.c | 2 +-
> 1 file
On 10/27/2021 8:48 PM, Eric Biggers wrote:
On Tue, Oct 26, 2021 at 12:03:53PM -0700, Deven Bowers wrote:
The proposed LSM (IPE) of this series will be the only one to need
this information at the moment. IPE’s goal is to have provide
trust-based access control. Trust and Integrity are tied
Kernel support to audit io_uring operations was added with commit
5bd2182d58e9 ("audit,io_uring,io-wq: add some basic audit support to
io_uring"). Add basic support to recognize the "AUDIT_URINGOP" record.
Signed-off-by: Richard Guy Briggs
---
lib/libaudit.h| 4
lib/msg_typetab.h | 1
On 10/27/2021 1:26 AM, Roberto Sassu wrote:
From: Deven Bowers [mailto:deven.de...@linux.microsoft.com]
Sent: Tuesday, October 26, 2021 9:04 PM
On 10/25/2021 4:30 AM, Roberto Sassu wrote:
From:deven.de...@linux.microsoft.com
[mailto:deven.de...@linux.microsoft.com]
From: Deven Bowers
On Thursday, October 28, 2021 3:59:33 PM EDT Richard Guy Briggs wrote:
> Kernel support to audit io_uring operations was added with commit
> 5bd2182d58e9 ("audit,io_uring,io-wq: add some basic audit support to
> io_uring"). Add basic support to recognize the "AUDIT_URINGOP" record.
Thanks!
The "filesystem" filter was added 2017-10-05 with
commit 38ec69344689ac7886812890cb3e2cc97c0c112c
("filter: add filesystem filter with fstype")
Add the list name to the usage text.
Signed-off-by: Richard Guy Briggs
---
docs/audit.rules.7 | 4 ++--
src/auditctl.c | 2 +-
2 files
On 2021-10-04 10:59, Steve Grubb wrote:
> On Monday, October 4, 2021 9:27:33 AM EDT Paul Moore wrote:
> > On Mon, Oct 4, 2021 at 8:40 AM Richard Guy Briggs wrote:
> > > On 2021-10-03 19:21, Paul Moore wrote:
> > > > On Sat, Oct 2, 2021 at 9:16 AM Steve Grubb wrote:
> > > > > On Thursday,
Kernel support to audit io_uring operations was added with commit 5bd2182d58e9
("audit,io_uring,io-wq: add some basic audit support to io_uring"). Add
support to interpret the "uringop" record field.
Signed-off-by: Richard Guy Briggs
---
audisp/plugins/ids/model_behavior.c | 1 +
Signed-off-by: Richard Guy Briggs
---
docs/aureport.8| 3 +++
src/aureport-options.c | 19 ++-
src/aureport-options.h | 2 +-
src/aureport-output.c | 37 +
src/aureport-scan.c| 26 ++
src/aureport-scan.h
Audit support for iouring went into the upstream kernel with commit
5bd2182d58e9 ("audit,io_uring,io-wq: add some basic audit support to io_uring")
and commit 67daf270cebc ("audit: add filtering for io_uring records").
Add userspace support for AUDIT_URINGOP records, uringop fields and the
The former has no activity since pre-1.7.4, no in-tree users and no manpage, so
remove it. The latter is only used locally, remove prototype.
Signed-off-by: Richard Guy Briggs
---
lib/libaudit.c | 5 -
lib/libaudit.h | 2 --
2 files changed, 7 deletions(-)
diff --git a/lib/libaudit.c
Signed-off-by: Richard Guy Briggs
---
lib/Makefile.am| 17 ++--
lib/lookup_table.c | 5 ++--
lib/test/lookup_test.c | 17
lib/uringop_table.h| 62 ++
4 files changed, 97 insertions(+), 4 deletions(-)
create mode
Kernel support to audit io_uring operations filtering was added with
commit 67daf270cebc ("audit: add filtering for io_uring records"). Add support
for the "uring" filter list to auditctl.
Signed-off-by: Richard Guy Briggs
---
docs/audit.rules.7 | 19 --
docs/audit_add_rule_data.3
On Thursday, October 28, 2021 3:49:12 PM EDT Richard Guy Briggs wrote:
> The "filesystem" filter was added 2017-10-05 with
> commit 38ec69344689ac7886812890cb3e2cc97c0c112c
> ("filter: add filesystem filter with fstype")
>
> Add the list name to the usage text.
Thanks! Applied.
-Steve
--
19 matches
Mail list logo