Re: [PATCH 1/7] audit: implement generic feature setting and retrieving

2013-07-08 Thread William Roberts
On Mon, Jul 8, 2013 at 2:55 PM, Eric Paris wrote: > On Mon, 2013-07-08 at 16:28 -0400, Steve Grubb wrote: > > On Friday, May 24, 2013 12:11:44 PM Eric Paris wrote: > > > The audit_status structure was not designed with extensibility in mind. > > > Define a new AUDIT_SET_FEATURE message type which

Re: [PATCH 1/7] audit: implement generic feature setting and retrieving

2013-07-08 Thread Eric Paris
On Mon, 2013-07-08 at 16:28 -0400, Steve Grubb wrote: > On Friday, May 24, 2013 12:11:44 PM Eric Paris wrote: > > The audit_status structure was not designed with extensibility in mind. > > Define a new AUDIT_SET_FEATURE message type which takes a new structure > > of bits where things can be enabl

Re: [PATCH 7/7] audit: audit feature to set loginuid immutable

2013-07-08 Thread Eric Paris
On Mon, 2013-07-08 at 17:26 -0400, Steve Grubb wrote: > On Monday, July 08, 2013 04:51:20 PM Eric Paris wrote: > > If we don't trust the audit system initialization we already lost and no > > amount of audit= is going to change that. > > I'm thinking more about High Assurance cases where the bo

Re: [PATCH 7/7] audit: audit feature to set loginuid immutable

2013-07-08 Thread Steve Grubb
On Monday, July 08, 2013 04:51:20 PM Eric Paris wrote: > On Mon, 2013-07-08 at 16:34 -0400, Steve Grubb wrote: > > On Friday, May 24, 2013 12:11:50 PM Eric Paris wrote: > > > This adds a new 'audit_feature' bit which allows userspace to set it > > > such that the loginuid is absolutely immutable, e

Re: [PATCH 7/7] audit: audit feature to set loginuid immutable

2013-07-08 Thread Eric Paris
On Mon, 2013-07-08 at 16:34 -0400, Steve Grubb wrote: > On Friday, May 24, 2013 12:11:50 PM Eric Paris wrote: > > This adds a new 'audit_feature' bit which allows userspace to set it > > such that the loginuid is absolutely immutable, even if you have > > CAP_AUDIT_CONTROL. > > I'm also not sure I

Re: [PATCH 7/7] audit: audit feature to set loginuid immutable

2013-07-08 Thread Steve Grubb
On Friday, May 24, 2013 12:11:50 PM Eric Paris wrote: > This adds a new 'audit_feature' bit which allows userspace to set it > such that the loginuid is absolutely immutable, even if you have > CAP_AUDIT_CONTROL. I'm also not sure I like it done this way. What I was thinking about is that we shou

Re: [PATCH 1/7] audit: implement generic feature setting and retrieving

2013-07-08 Thread Steve Grubb
On Friday, May 24, 2013 12:11:44 PM Eric Paris wrote: > The audit_status structure was not designed with extensibility in mind. > Define a new AUDIT_SET_FEATURE message type which takes a new structure > of bits where things can be enabled/disabled/locked one at a time. This changes how we have be

Re: [PATCH] audit: audit on the future execution of a binary.

2013-07-08 Thread Steve Grubb
On Wednesday, July 03, 2013 10:48:56 PM Richard Guy Briggs wrote: > I've gone back over the discussion of this feature and some of the > background in the past couple of years on this list... > > We've got a kernel deadline coming up in the next month if we want to > get something included in RHEL

Re: [PATCH] audit: audit on the future execution of a binary.

2013-07-08 Thread Richard Guy Briggs
On Sun, Jul 07, 2013 at 03:41:41PM -0700, Peter Moody wrote: > > On Wed, Jul 03 2013 at 19:48, Richard Guy Briggs wrote: > > On Thu, Aug 23, 2012 at 12:24:00PM -0700, Peter Moody wrote: > >> This adds the ability to audit the actions of a not-yet-running process, > >> as well as the children of a not

Re: chmod32, lchmod32, etc?

2013-07-08 Thread Steve Grubb
On Monday, July 08, 2013 01:53:24 PM leam hall wrote: > Morning all! My first post to the list. > > I'm getting errors on a RHEL 5 box when I add audit rules for chown32 and > lchown32. > > Info on the box: > > Linux myhost 2.6.18-348.6.1.el5 #1 SMP Fri Apr 26 09:21:26 EDT 2013 x86_64 > x86_64 x

chmod32, lchmod32, etc?

2013-07-08 Thread leam hall
Morning all! My first post to the list. I'm getting errors on a RHEL 5 box when I add audit rules for chown32 and lchown32. Info on the box: Linux myhost 2.6.18-348.6.1.el5 #1 SMP Fri Apr 26 09:21:26 EDT 2013 x86_64 x86_64 x86_64 GNU/Linux Error: service auditd restart Stopping auditd: