it to Linus? (I could, but it's a large
patch for a bugfix and he'd probably be happier seeing it from you at
this point in the development cycle).
Acked-by: James Morris [EMAIL PROTECTED]
diff --git a/fs/proc/base.c b/fs/proc/base.c
index 4f5745a..6bbfe91 100644
--- a/fs/proc/base.c
--
James Morris
[EMAIL PROTECTED]
--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
existing audit apps.
This is a small change to accommodate updating
ipsec protocol to RFCs 4301, 4302 and 4303 which
require auditing some ipsec events if auditing
is available. Please let me know if ok.
Regards,
Joy
Signed-off-by: Joy Latten [EMAIL PROTECTED]
Acked-by: James Morris
on software development
* Proper spacing around commas in function arguments
Minor style tweak since I was already touching the code
Signed-off-by: Paul Moore [EMAIL PROTECTED]
Acked-by: James Morris [EMAIL PROTECTED]
---
include/net/xfrm.h | 14 ++---
net/xfrm
On Sat, 1 Mar 2008, Ahmed S. Darwish wrote:
Setup the new inode_getsecid and ipc_getsecid() LSM hooks
for SELinux.
Signed-off-by: Casey Schaufler [EMAIL PROTECTED]
Signed-off-by: Ahmed S. Darwish [EMAIL PROTECTED]
Acked-by: James Morris [EMAIL PROTECTED]
--
James Morris
[EMAIL
Schaufler [EMAIL PROTECTED]
Signed-off-by: Ahmed S. Darwish [EMAIL PROTECTED]
Acked-by: James Morris [EMAIL PROTECTED]
--
James Morris
[EMAIL PROTECTED]
On Sat, 1 Mar 2008, Ahmed S. Darwish wrote:
Don't use SELinux exported selinux_get_task_sid symbol.
Use the generic LSM equivalent instead.
Signed-off-by: Casey Schaufler [EMAIL PROTECTED]
Signed-off-by: Ahmed S. Darwish [EMAIL PROTECTED]
Acked-by: James Morris [EMAIL PROTECTED
Morris [EMAIL PROTECTED]
--
James Morris
[EMAIL PROTECTED]
hooks are only available if CONFIG_AUDIT is enabled.
Signed-off-by: Casey Schaufler [EMAIL PROTECTED]
Signed-off-by: Ahmed S. Darwish [EMAIL PROTECTED]
Acked-by: James Morris [EMAIL PROTECTED]
--
James Morris
[EMAIL PROTECTED]
) :
selinux_audit_rule_init
selinux_audit_rule_free
audit_rule_has_selinux
selinux_audit_rule_match
Signed-off-by: Casey Schaufler [EMAIL PROTECTED]
Signed-off-by: Ahmed S. Darwish [EMAIL PROTECTED]
Acked-by: James Morris [EMAIL PROTECTED]
--
James Morris
[EMAIL PROTECTED]
'audit_rule_known'.
Signed-off-by: Casey Schaufler [EMAIL PROTECTED]
Signed-off-by: Ahmed S. Darwish [EMAIL PROTECTED]
Acked-by: James Morris [EMAIL PROTECTED]
--
James Morris
[EMAIL PROTECTED]
On Sat, 1 Mar 2008, Ahmed S. Darwish wrote:
Rename the se_str and se_rule audit fields elements to
lsm_str and lsm_rule to avoid confusion.
Signed-off-by: Casey Schaufler [EMAIL PROTECTED]
Signed-off-by: Ahmed S. Darwish [EMAIL PROTECTED]
Acked-by: James Morris [EMAIL PROTECTED
is not defined or if the hook is set to
NULL (dummy). This is done to notify the caller that no valid
secid exists.
Signed-off-by: Casey Schaufler [EMAIL PROTECTED]
Signed-off-by: Ahmed S. Darwish [EMAIL PROTECTED]
Acked-by: James Morris [EMAIL PROTECTED]
--
James Morris
[EMAIL PROTECTED
work.
--
James Morris
[EMAIL PROTECTED]
of Al Viro (cc'd,
who possibly should also be added to the MAINTAINERS entry for audit).
- James
--
James Morris
[EMAIL PROTECTED]
or if the hook is set to
NULL (dummy). This is done to notify the caller that no valid
secid exists.
Signed-off-by: Casey Schaufler [EMAIL PROTECTED]
Signed-off-by: Ahmed S. Darwish [EMAIL PROTECTED]
Acked-by: James Morris [EMAIL PROTECTED]
Reviewed-by: Paul Moore [EMAIL PROTECTED]
---
include/linux
From: Ahmed S. Darwish [EMAIL PROTECTED]
Setup the new inode_getsecid and ipc_getsecid() LSM hooks
for SELinux.
Signed-off-by: Casey Schaufler [EMAIL PROTECTED]
Signed-off-by: Ahmed S. Darwish [EMAIL PROTECTED]
Acked-by: James Morris [EMAIL PROTECTED]
Reviewed-by: Paul Moore [EMAIL PROTECTED
security= boot parameter
James Morris (2):
Tell git about security/selinux/include/audit.h
security: fix up documentation for security_module_enable
Documentation/kernel-parameters.txt |6 ++
include/linux/audit.h | 29
include/linux/security.h| 114
available if CONFIG_AUDIT is enabled.
Signed-off-by: Casey Schaufler [EMAIL PROTECTED]
Signed-off-by: Ahmed S. Darwish [EMAIL PROTECTED]
Acked-by: James Morris [EMAIL PROTECTED]
Reviewed-by: Paul Moore [EMAIL PROTECTED]
---
include/linux/security.h | 72
'.
Signed-off-by: Casey Schaufler [EMAIL PROTECTED]
Signed-off-by: Ahmed S. Darwish [EMAIL PROTECTED]
Acked-by: James Morris [EMAIL PROTECTED]
---
include/linux/audit.h | 29
include/linux/selinux.h| 72
kernel/audit.h
Signed-off-by: James Morris [EMAIL PROTECTED]
---
security/selinux/include/audit.h | 65 ++
1 files changed, 65 insertions(+), 0 deletions(-)
create mode 100644 security/selinux/include/audit.h
diff --git a/security/selinux/include/audit.h b/security
) :
selinux_audit_rule_init
selinux_audit_rule_free
audit_rule_has_selinux
selinux_audit_rule_match
Signed-off-by: Casey Schaufler [EMAIL PROTECTED]
Signed-off-by: Ahmed S. Darwish [EMAIL PROTECTED]
Acked-by: James Morris [EMAIL PROTECTED]
---
kernel/audit.c |7 +-
kernel/auditfilter.c | 61
if it was not chosen on
boot. Smackfs assumes that smack hooks are registered and
the initial task security setup (swapper-security) is done.
Signed-off-by: Ahmed S. Darwish [EMAIL PROTECTED]
Acked-by: James Morris [EMAIL PROTECTED]
---
Documentation/kernel-parameters.txt |6 +
include/linux/security.h
security_module_enable() can only be called during kernel init.
Signed-off-by: James Morris [EMAIL PROTECTED]
---
security/security.c |2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/security/security.c b/security/security.c
index 2ed153c..7787c59 100644
--- a/security
On Thu, 17 Apr 2008, Greg KH wrote:
On Thu, Apr 17, 2008 at 11:06:07AM +, James Morris wrote:
Signed-off-by: James Morris [EMAIL PROTECTED]
---
security/selinux/include/audit.h | 65
++
Shouldn't this be merged with the previous patch
On Wed, 17 Dec 2008, Al Viro wrote:
No need to do that more than once per process lifetime; allocating/freeing
on each sendto/accept/etc. is bloody pointless.
Signed-off-by: Al Viro v...@zeniv.linux.org.uk
Reviewed-by: James Morris jmor...@namei.org
---
kernel/auditsc.c | 46
On Wed, 17 Dec 2008, Al Viro wrote:
* don't bother with allocations
* now that it can't fail, make it return void
Signed-off-by: Al Viro v...@zeniv.linux.org.uk
Reviewed-by: James Morris jmor...@namei.org
--
James Morris
jmor...@namei.org
;
'osid' should be converted into 'secid' someday.
Reviewed-by: James Morris jmor...@namei.org
--
James Morris
jmor...@namei.org
On Wed, 17 Dec 2008, Al Viro wrote:
* get rid of allocations
* make it return void
* simplify callers
Signed-off-by: Al Viro v...@zeniv.linux.org.uk
Reviewed-by: James Morris jmor...@namei.org
--
James Morris
jmor...@namei.org
On Wed, 17 Dec 2008, Al Viro wrote:
* get rid of allocations
* make it return void
* don't duplicate parts of audit_dummy_context()
Signed-off-by: Al Viro v...@zeniv.linux.org.uk
Reviewed-by: James Morris jmor...@namei.org
--
James Morris
jmor...@namei.org
On Wed, 17 Dec 2008, Al Viro wrote:
* no allocations
* return void
Signed-off-by: Al Viro v...@zeniv.linux.org.uk
Reviewed-by: James Morris jmor...@namei.org
--
James Morris
jmor...@namei.org
On Wed, 17 Dec 2008, Al Viro wrote:
Signed-off-by: Al Viro v...@zeniv.linux.org.uk
Reviewed-by: James Morris jmor...@namei.org
--
James Morris
jmor...@namei.org
, keep track of the current
highest-priority matching rule and its result (always/never).
Signed-off-by: Al Viro v...@zeniv.linux.org.uk
Reviewed-by: James Morris jmor...@namei.org
--
James Morris
jmor...@namei.org
Morris jmor...@namei.org
--
James Morris
jmor...@namei.org
On Wed, 17 Dec 2008, Al Viro wrote:
Signed-off-by: Al Viro v...@zeniv.linux.org.uk
Reviewed-by: James Morris jmor...@namei.org
--
James Morris
jmor...@namei.org
values now; in-tree
instances updated.
Signed-off-by: Al Viro v...@zeniv.linux.org.uk
Reviewed-by: James Morris jmor...@namei.org
--
James Morris
jmor...@namei.org
#next
Note:
Please ensure that each patch has a distinct and descriptive subject line.
Also, the format for the subject is:
[PATCH x/y] subsystem: short description
See section 15 of Documentation/SubmittingPatches.
--
James Morris
jmor...@namei.org
},
};
--
James Morris
jmor...@namei.org
On Fri, 14 Aug 2009, Stephen Smalley wrote:
Acked-by: Stephen Smalley s...@tycho.nsa.gov
Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6#next
--
James Morris
jmor...@namei.org
-love.sakura.ne.jp
Signed-off-by: Richard Guy Briggs r...@redhat.com
Applied.
--
James Morris
jmor...@namei.org
nput to the
development process.
WEB SITE
http://events.linuxfoundation.org/events/linux-security-summit
TWITTER
For event updates and announcements, follow:
https://twitter.com/LinuxSecSummit
PROGRAM COMMITTEE
The program committee for LSS 2017 is:
* James Morris, Oracle
* S
.@redhat.com>
> Reviewed-by: Serge Hallyn <se...@hallyn.com>
> ---
> security/commoncap.c | 63 +++--
> 1 files changed, 35 insertions(+), 28 deletions(-)
Acked-by: James Morris <james.l.mor...@oracle.com>
--
James Morris
<
> security/commoncap.c | 50
> ++
> 1 files changed, 30 insertions(+), 20 deletions(-)
Acked-by: James Morris <james.l.mor...@oracle.com>
--
James Morris
<jmor...@namei.org>
-
> 1 files changed, 21 insertions(+), 5 deletions(-)
Acked-by: James Morris <james.l.mor...@oracle.com>
--
James Morris
<jmor...@namei.org>
On Wed, 23 Aug 2017, Richard Guy Briggs wrote:
> The way the logic was presented, it was awkward to read and verify. Invert
> the
> logic using DeMorgan's Law to be more easily able to read and understand.
>
> Signed-off-by: Richard Guy Briggs <r...@redhat.com>
A
cap.c |9 +
> 1 files changed, 5 insertions(+), 4 deletions(-)
Acked-by: James Morris <james.l.mor...@oracle.com>
--
James Morris
<jmor...@namei.org>
; pA_gained
>
> - These last two are combined into one due to the common first parameter.
>
> Related: https://github.com/linux-audit/audit-kernel/issues/16
>
> Signed-off-by: Richard Guy Briggs <r...@redhat.com>
Acked-by: James Morris <james.l.mor...@oracle.com>
--
James Morris
<jmor...@namei.org>
On Wed, 23 Aug 2017, Richard Guy Briggs wrote:
> Remove a layer of conditional logic to make the use of conditions
> easier to read and analyse.
>
> Signed-off-by: Richard Guy Briggs <r...@redhat.com>
Acked-by: James Morris <james.l.mor...@oracle.com>
> ---
>
+--
> 1 files changed, 10 insertions(+), 10 deletions(-)
Acked-by: James Morris <james.l.mor...@oracle.com>
--
James Morris
<jmor...@namei.org>
+++--
> 1 files changed, 10 insertions(+), 6 deletions(-)
Acked-by: James Morris <james.l.mor...@oracle.com>
--
James Morris
<jmor...@namei.org>
> +++ b/security/commoncap.c
> @@ -481,6 +481,38 @@ static int get_file_caps(struct linux_binprm *bprm, bool
> *effective, bool *has_c
> return rc;
> }
>
> +void handle_privileged_root(struct linux_binprm *bprm, bool has_cap, bool
> *effective, kuid_t root_uid)
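Review bot: the new handle_privileged_root() in security/commoncap.c is declared without `static`, while get_file_caps() in the hunk header is `static int`. If the helper is only called from within commoncap.c, mark it static so it does not add a global symbol; if it is meant to be called from elsewhere, it needs a prototype in a header. A short comment saying which of has_cap, effective and root_uid are inputs and which are outputs would also help, since `effective` is passed by pointer.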
Ca
urity module.
>
> Signed-off-by: Casey Schaufler <ca...@schaufler-ca.com>
Reviewed-by: James Morris <james.l.mor...@oracle.com>
--
James Morris
<james.l.mor...@oracle.com>
actions_logged sysctl.
>
> Suggested-by: Steve Grubb <sgr...@redhat.com>
> Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
Reviewed-by: James Morris <james.mor...@microsoft.com>
--
James Morris
<jmor...@namei.org>
itional code paths on whether or not the
> 'write' parameter evaluates to true.
>
> Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
Reviewed-by: James Morris <james.mor...@microsoft.com>
--
James Morris
<jmor...@namei.org>
eparator. This patch allows the separator character to be
> configurable to meet both needs.
>
> Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
Reviewed-by: James Morris <james.mor...@microsoft.com>
--
James Morris
<jmor...@namei.org>
> >
> > security/commoncap.c | 193
> > ++-
> > 1 file changed, 128 insertions(+), 65 deletions(-)
> >
> > --
> > 1.8.3.1
> >
> > --
> > To unsubscribe from this list: send
id.
>
>
>
> Serge? James? Can one of you two take this via your trees since Paul
> has backed down citing (reasonably) that it is mostly capabilities
> patches rather than audit?
Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git
next-genera
2018 is:
* James Morris, Microsoft
* Serge Hallyn, Cisco
* Paul Moore, Red Hat
* Stephen Smalley, NSA
* Elena Reshetova, Intel
* John Johansen, Canonical
* Kees Cook, Google
* Casey Schaufler, Intel
* Mimi Zohar, IBM
* David A. Wheeler, Institute for Defense Anal
mmit
PROGRAM COMMITTEE
The program committee for LSS 2019 is:
* James Morris, Microsoft
* Serge Hallyn, Cisco
* Paul Moore, Cisco
* Stephen Smalley, NSA
* Elena Reshetova, Intel
* John Johansen, Canonical
* Kees Cook, Google
* Casey Schaufler, Intel
* Mimi Zohar,
audit logs look the same once the 2nd patch is applied? We need
to be careful about breaking existing userland.
--
James Morris
none of
> > the existing modules use, how would it be wrong to
> > reserve it?
>
> "We've never had to think about having general rules on what security
> modules do before..."
>
> We famously haven't imposed restrictions on the label format before
> now, and thi
which is an assumption that dbus is already relying on since I checked
> it in the thread around
> <https://marc.info/?l=linux-security-module=142323508321029=2>?
> Or is that restriction so fundamental that it's considered OK?
Security labels are strings, so this is implied.
--
James M
e, right? We can't do that.
> Once again, I believe that the subj_X approach is going to be faster
> than safely parsing the multiplexed format.
What about emitting one audit record for each LSM?
--
James Morris
-
> security/lsm_audit.c| 5 +
> security/security.c | 30 +
> security/selinux/hooks.c| 30 +
> security/selinux/include/classmap.h | 2 ++
> 7 files changed, 71 insertions(+), 2
2020 is:
* James Morris, Microsoft
* Serge Hallyn, Cisco
* Paul Moore, Cisco
* Stephen Smalley, NSA
* Elena Reshetova, Intel
* John Johansen, Canonical
* Kees Cook, Google
* Casey Schaufler, Intel
* Mimi Zohar, IBM
* David A. Wheeler, Institute for Defense Anal
socket *sock, struct sk_buff
> *skb,
> + struct lsmblob *blob)
> {
> - return call_int_hook(socket_getpeersec_dgram, -ENOPROTOOPT, sock,
> - skb, secid);
> + struct security_hook_list *hp;
> + int rc = -ENOPRO
gt; + * display either is the slot number use for formatting
> + * or an instruction on which relative slot to use.
> + */
> + if (display == LSMBLOB_DISPLAY)
> + display = lsm_task_display(current);
> + else if (display == LSMBLOB_FIRST)
> + display = LSMBLOB_INVALID;
> + else if (display < 0) {
> + WARN_ONCE(true,
> + "LSM: %s unknown display\n", __func__);
> + display = LSMBLOB_INVALID;
> + } else if (display >= lsm_slot) {
> + WARN_ONCE(true,
> + "LSM: %s invalid display\n", __func__);
> + display = LSMBLOB_INVALID;
> + }
> +
> +
> hlist_for_each_entry(hp, _hook_heads.secid_to_secctx, list) {
> if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot))
> continue;
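Review bot: in the display validation added ahead of the secid_to_secctx loop, the `display < 0` and `display >= lsm_slot` branches both WARN_ONCE and fall back to LSMBLOB_INVALID, but neither message prints the offending value; adding `display` to the format string (for example "LSM: %s invalid display %d\n") would make the warning actionable. The comment should read "slot number used for formatting", and the two consecutive empty added lines before hlist_for_each_entry() can be reduced to one.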
> @@ -2256,7 +2299,7 @@ int security_secctx_to_secid(const char *secdata, u32
> seclen,
> return hp->hook.secctx_to_secid(secdata, seclen,
> >secid[hp->lsmid->slot]);
> }
> - return 0;
> + return -EOPNOTSUPP;
> }
> EXPORT_SYMBOL(security_secctx_to_secid);
>
> @@ -2757,23 +2800,17 @@ int security_key_getsecurity(struct key *key, char
> **_buffer)
> int security_audit_rule_init(u32 field, u32 op, char *rulestr, void
> **lsmrule)
> {
> struct security_hook_list *hp;
> - bool one_is_good = false;
> - int rc = 0;
> - int trc;
> + int display = lsm_task_display(current);
>
> hlist_for_each_entry(hp, _hook_heads.audit_rule_init, list) {
> if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot))
> continue;
> - trc = hp->hook.audit_rule_init(field, op, rulestr,
> -[hp->lsmid->slot]);
> - if (trc == 0)
> - one_is_good = true;
> - else
> - rc = trc;
> + if (display != LSMBLOB_INVALID && display != hp->lsmid->slot)
> + continue;
> + return hp->hook.audit_rule_init(field, op, rulestr,
> + [hp->lsmid->slot]);
> }
> - if (one_is_good)
> - return 0;
> - return rc;
> + return 0;
> }
>
> int security_audit_rule_known(struct audit_krule *krule)
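Review bot: in security_audit_rule_init(), the loop now returns the result of the first hook whose slot passes the display test, so when lsm_task_display(current) yields LSMBLOB_INVALID only the first registered audit_rule_init hook runs and the rule slots of the other modules are left unset, whereas the removed one_is_good logic called every hook. If a rule is meant to bind to a single LSM, say so in the function comment. The fall-through `return 0` also reports success when no hook was called at all, which differs from the -EOPNOTSUPP that security_secctx_to_secid() now returns in the same patch; consider returning an error there or documenting why success is correct.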
> @@ -2805,6 +2842,8 @@ int security_audit_rule_match(struct lsmblob *blob, u32
> field, u32 op,
> continue;
> if (lsmrule[hp->lsmid->slot] == NULL)
> continue;
> + if (lsmrule[hp->lsmid->slot] == NULL)
> + continue;
> rc = hp->hook.audit_rule_match(blob->secid[hp->lsmid->slot],
> field, op,
> [hp->lsmid->slot]);
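Review bot: the two added lines in security_audit_rule_match() repeat the `lsmrule[hp->lsmid->slot] == NULL` test that already sits directly above them as unchanged context, so the second check can never be true. Drop the added pair, or, if a different condition was intended (for example a test against the display slot, as in security_audit_rule_init()), replace it with that.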
> diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
> index dcabf6bd8faa..15fa4b7eb2e6 100644
> --- a/security/smack/smackfs.c
> +++ b/security/smack/smackfs.c
> @@ -185,7 +185,8 @@ static void smk_netlabel_audit_set(struct netlbl_audit
> *nap)
>
> nap->loginuid = audit_get_loginuid(current);
> nap->sessionid = audit_get_sessionid(current);
> - nap->secid = skp->smk_secid;
> + lsmblob_init(>lsmdata, 0);
> + nap->lsmdata.secid[smack_lsmid.slot] = skp->smk_secid;
> }
>
> /*
>
--
James Morris
On Thu, 6 Aug 2020, Mimi Zohar wrote:
> On Thu, 2020-08-06 at 09:51 +1000, James Morris wrote:
> > On Wed, 5 Aug 2020, Mimi Zohar wrote:
> >
> > > If block layer integrity was enough, there wouldn't have been a need
> > > for fs-verity. Even fs-verity is
usted
rootfs. Future versions will support FS-Verity, at least.
IPE was designed to be extensible in this way, with a strong separation of
mechanism and policy.
Whatever is implemented for NFS should be able to plug in to IPE pretty
easily.
--
James Morris
is able to attend, so I've submitted a
BoF proposal:
https://www.linuxplumbersconf.org/event/7/abstracts/732/
--
James Morris
differentiate yours by making it more Kconfig
> based, but policy has a way of becoming user space supplied because
> the distros hate config options, so I think you're going to end up
> with a policy parser very like IMAs.
--
James Morris
ger.kernel.org
I'd like to see Paul's acks on any networking related changes.
--
James Morris
hansen
> SELinux hook provided by Stephen Smalley
>
> Reviewed-by: Kees Cook
> Acked-by: Stephen Smalley
> Acked-by: Paul Moore
> Signed-off-by: Casey Schaufler
jj: do you have any review/feedback on this?
--
James Morris
p and serial number.
>
> Signed-off-by: Casey Schaufler
> Cc: linux-audit@redhat.com
These audit patches will need ack/review from Paul.
--
James Morris
mary maintainers on the
To: line or they may miss the email.
--
James Morris
ng back a secid.
> The infrastructure passes the correct entry from the lsmblob.
>
> Signed-off-by: Casey Schaufler
> Cc: net...@vger.kernel.org
You probably need to include Netfilter maintainers specifically for this
(added them + the Netfilter list).
This also needs signoffs from LS
0 +627,8 @@ nfqnl_build_packet_message(struct net *net, struct
> > nfqnl_instance *queue,
> > }
> >
> > nlh->nlmsg_len = skb->len;
> > - if (seclen) {
> > - lsmcontext_init(, secdata, seclen, 0);
> > - security_release_secctx();
> > - }
> > + if (context.len)
> > + security_release_secctx();
> > return skb;
> >
> > nla_put_failure:
> > @@ -643,10 +636,8 @@ nfqnl_build_packet_message(struct net *net, struct
> > nfqnl_instance *queue,
> > kfree_skb(skb);
> > net_err_ratelimited("nf_queue: error creating packet message\n");
> > nlmsg_failure:
> > - if (seclen) {
> > - lsmcontext_init(, secdata, seclen, 0);
> > - security_release_secctx();
> > - }
> > + if (context.len)
> > + security_release_secctx();
> > return NULL;
> > }
> >
> > --
> > 2.24.1
> >
>
--
James Morris
Two further (and hopefully final) changes:
- LSS 2021 will now be a hybrid event, catering to both in-person and
remote attendees and presenters
- The CFP is extended to July 11th.
On Wed, 26 May 2021, James Morris wrote:
> Note that the venue of LSS 2021 has now changed to Seat
Note that the venue of LSS 2021 has now changed to Seattle, USA.
See https://events.linuxfoundation.org/linux-security-summit-north-america/
The new event dates are 29 September to 01 October.
The CFP closes on June 27th.
On Tue, 9 Feb 2021, James Morris wrote
mmit
#linuxsecuritysummit
PROGRAM COMMITTEE
The program committee for LSS 2021 is:
* James Morris, Microsoft
* Serge Hallyn, Cisco
* Paul Moore, Cisco
* Stephen Smalley, NSA
* Elena Reshetova, Intel
* John Johansen, Canonical
* Kees Cook, Google
* Casey Schaufler, I
On Thu, 18 Feb 2021, Paul Moore wrote:
> Hi all,
>
> When looking into a problem I noticed that audit was recording the
> wrong subject label for a process.
Is this a public bug? It would be good to know what the extent of this
issue may be and whether it warrants a CVE.
--
(secid, , _sz);
> if (ret) {
> return_error = BR_FAILED_REPLY;
Can someone from the Android project confirm this is correct for binder?
--
James Morris
--
Linux-audit mailing list
Linux-audit@redhat.com
https://listman.redhat.com/mailman/listinfo/linux-audit
For folks presenting remotely, the deadline for video talks is extended to
20th September, 2021.
Reminder: you can keep track of LSS event information via:
https://twitter.com/LinuxSecSummit
--
James Morris
On Tue, 8 Feb 2022, James Morris wrote:
> * Event: September 23-24
Correction: This should be 23-24 June per the top of the email.
--
James Morris
https://twitter.com/LinuxSecSummit
#linuxsecuritysummit
PROGRAM COMMITTEE
The program committee for LSS 2021 is:
* James Morris, Microsoft
* Serge Hallyn, Cisco
* Paul Moore, Microsoft
* Stephen Smalley, NSA
* Elena Reshetova, Intel
* John Johansen, Canonical
.
This will be a three day event, co-located with Open Source Summit North
America [1].
The LSS-NA CfP is open until March 1st, 2023.
Note that announcements relating to the Linux Security Summit may be found
now on the Fediverse, via: https://social.kernel.org/LinuxSecSummit
--
James Morris
[1] https