We are interested in using auditing's context pathname information.
Is this the best way of accessing it?
Add support for accessing auditing's inode full pathname.
Signed-off-by: Mimi Zohar [EMAIL PROTECTED]
Index: security-testing-2.6/include/linux/audit.h
On Tue, 2008-08-12 at 19:47 -0400, Steve Grubb wrote:
On Wednesday 06 August 2008 10:36:46 Mimi Zohar wrote:
We are interested in using auditing's context pathname information.
Is this the best way of accessing it?
Add support for accessing auditing's inode full pathname.
What would
integrity: audit
This patch adds support to auditd for integrity messages, which are
issued as a result of the integrity patchset that was applied to the
security-testing-2.6/#next tree.
Signed-off-by: Mimi Zohar zo...@us.ibm.com
Index: audit-1.7.11/src/ausearch-parse.c
Signed-off-by: Mimi Zohar zo...@us.ibm.com
Signed-off-by: James Morris jmor...@namei.org
---
diff --git a/MAINTAINERS b/MAINTAINERS
index 6bd7d47..12fc280 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -2175,6 +2175,11 @@ M: stef...@s5r6.in-berlin.de
L: linux1394-de
-off-by: Mimi Zohar zo...@us.ibm.com
Acked-by: Serge Hallyn se...@us.ibm.com
Signed-off-by: James Morris jmor...@namei.org
---
diff --git a/include/linux/ima.h b/include/linux/ima.h
index dcc3664..6db30a3 100644
--- a/include/linux/ima.h
+++ b/include/linux/ima.h
@@ -19,6 +19,7 @@ extern void
Sequentialize access to the policy file
- permit multiple attempts to replace default policy with a valid policy
Signed-off-by: Mimi Zohar zo...@us.ibm.com
Acked-by: Serge Hallyn se...@us.ibm.com
Signed-off-by: James Morris jmor...@namei.org
---
diff --git a/security/integrity/ima/ima_fs.c b
This patch replaces the generic integrity hooks, for which IMA registered
itself, with IMA integrity hooks in the appropriate places directly
in the fs directory.
Signed-off-by: Mimi Zohar zo...@us.ibm.com
Acked-by: Serge Hallyn se...@us.ibm.com
Signed-off-by: James Morris jmor...@namei.org
Signed-off-by: Mimi Zohar zo...@us.ibm.com
Signed-off-by: James Morris jmor...@namei.org
---
diff --git a/Documentation/kernel-parameters.txt
b/Documentation/kernel-parameters.txt
index 7c67b94..31e0c2c 100644
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
Support for a user loadable policy through securityfs
with support for LSM specific policy data.
- free invalid rule in ima_parse_add_rule()
Signed-off-by: Mimi Zohar zo...@us.ibm.com
Acked-by: Serge Hallyn se...@us.ibm.com
Signed-off-by: James Morris jmor...@namei.org
---
diff --git
Make the measurement lists available through securityfs.
- removed test for NULL return code from securityfs_create_file/dir
Signed-off-by: Mimi Zohar zo...@us.ibm.com
Acked-by: Serge Hallyn se...@us.ibm.com
Signed-off-by: James Morris jmor...@namei.org
---
diff --git a/security/integrity/ima
:
http://lkml.org/lkml/2009/2/2/162
http://lkml.org/lkml/2009/2/5/151
The auditd patch was already posted here.
Mimi
James Morris (1):
IMA: fix ima_delete_rules() definition
Mimi Zohar (7):
integrity: IMA hooks
integrity: IMA as an integrity service provider
integrity
On Fri, 2009-02-06 at 17:04 -0500, Steve Grubb wrote:
Hi,
Thanks for sending the audit piece to the mail list so we could go over the
details without bothering the whole lkml. I have some comments in line below.
Definitely preferable.
On Friday 06 February 2009 02:52:07 pm Mimi Zohar
On Mon, 2009-02-09 at 09:51 -0500, Steve Grubb wrote:
On Sunday 08 February 2009 09:42:42 pm Mimi Zohar wrote:
diff --git a/security/integrity/ima/ima_audit.c
b/security/integrity/ima/ima_audit.c new file mode 100644
index 000..8a0f1e2
--- /dev/null
+++ b/security
- Force audit result to be either 0 or 1.
- make template names const
- Add new stand-alone message type: AUDIT_INTEGRITY_RULE
Signed-off-by: Mimi Zohar zo...@us.ibm.com
---
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 930939a..4fa2810 100644
--- a/include/linux/audit.h
+++ b
On Tue, 2009-02-10 at 17:00 -0500, Steve Grubb wrote:
On Monday 09 February 2009 06:24:20 pm Mimi Zohar wrote:
- Force audit result to be either 0 or 1.
- make template names const
- Add new stand-alone message type: AUDIT_INTEGRITY_RULE
OK, I think this patch fixes the problems from 2/8
On Fri, 2009-03-06 at 17:07 -0500, Eric Paris wrote:
I'm very slow to the game, I know, but today was the first kernel that I
built from linux-next with IMA on. I have a comment, and hopefully more
to come
np
On Fri, 2009-02-06 at 14:52 -0500, Mimi Zohar wrote:
+void
The original patch added support to auditd for integrity messages, which
are issued as a result of the integrity patchset that was applied to the
security-testing-2.6/#next tree.
This patch adds support for the new AUDIT_INTEGRITY_RULE message.
Signed-off-by: Mimi Zohar zo...@us.ibm.com
Index
Based on a request from Eric Paris to simplify parsing, replace
audit_log_format statements containing %s with audit_log_string().
Signed-off-by: Mimi Zohar zo...@us.ibm.com
Index: security-testing-2.6/security/integrity/ima/ima_audit.c
of integrity_audit_msg() (Fengguang Wu)
Signed-off-by: Mimi Zohar zo...@linux.vnet.ibm.com
---
Documentation/kernel-parameters.txt | 10 +++---
security/integrity/Kconfig | 15 +
security/integrity/Makefile | 1 +
security/integrity/ima/Kconfig | 12 ---
security/integrity/ima
-off-by: Mimi Zohar zo...@linux.vnet.ibm.com
---
security/integrity/evm/evm_main.c | 15 ++-
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/security/integrity/evm/evm_main.c
b/security/integrity/evm/evm_main.c
index cdbde17..df0fa45 100644
--- a/security/integrity/evm
On Wed, 2014-04-02 at 12:19 -0400, Richard Guy Briggs wrote:
When task-comm is passed directly to audit_log_untrustedstring() without
getting a copy or using the task_lock, there is a race that could happen that
would output a NULL (\0) in the output string that would effectively truncate
the
On Wed, 2014-04-02 at 14:00 -0400, Steve Grubb wrote:
Hello Mimi,
On Wednesday, April 02, 2014 01:39:47 PM Mimi Zohar wrote:
This change is already being upstreamed as commit 73a6b44 Integrity:
Pass commname via get_task_comm().
While I was looking at Richard's patch, I noticed a few
On Wed, 2014-04-02 at 14:18 -0400, Eric Paris wrote:
On Wed, 2014-04-02 at 14:12 -0400, Mimi Zohar wrote:
On Wed, 2014-04-02 at 14:00 -0400, Steve Grubb wrote:
Hello Mimi,
On Wednesday, April 02, 2014 01:39:47 PM Mimi Zohar wrote:
This change is already being upstreamed
On Wed, 2014-04-09 at 18:26 -0700, Peter Moody wrote:
On Wed, Apr 09 2014 at 10:19, Steve Grubb wrote:
Missing INTEGRITY_RULE
IMA with an 'audit' rule generates INTEGRITY_RULE messages.
Missing INTEGRITY_DATA
Failure to collect or appraise file data.
(Requires the filesystem to be
On Fri, 2014-04-11 at 10:07 -0400, Steve Grubb wrote:
Hi Mimi,
On Thursday, April 10, 2014 11:36:15 PM Mimi Zohar wrote:
On Wed, 2014-04-09 at 18:26 -0700, Peter Moody wrote:
On Wed, Apr 09 2014 at 10:19, Steve Grubb wrote:
Missing INTEGRITY_RULE
IMA with an 'audit' rule
On Sat, 2014-06-14 at 12:43 +0300, Dmitry Kasatkin wrote:
On 14 June 2014 03:02, Richard Guy Briggs r...@redhat.com wrote:
On 14/04/02, Richard Guy Briggs wrote:
On 14/04/02, Mimi Zohar wrote:
On Wed, 2014-04-02 at 14:18 -0400, Eric Paris wrote:
On Wed, 2014-04-02 at 14:12 -0400, Mimi
On Mon, 2014-06-16 at 15:52 -0400, Richard Guy Briggs wrote:
Replace spaces in op keyword labels in log output since userspace audit tools
can't parse orphaned keywords.
The patch didn't apply cleanly to linux-integrity/#next. Please take a
look at it (linux-integrity/#next-fixes).
thanks,
On Fri, 2018-05-18 at 11:56 -0400, Richard Guy Briggs wrote:
> On 2018-05-18 10:39, Mimi Zohar wrote:
> > On Fri, 2018-05-18 at 09:54 -0400, Stefan Berger wrote:
> > > On 05/18/2018 08:53 AM, Mimi Zohar wrote:
> >
> > [..]
> >
> > > >>>>
On Fri, 2018-05-18 at 07:49 -0400, Stefan Berger wrote:
> On 05/17/2018 05:30 PM, Richard Guy Briggs wrote:
[...]
> >>> auxiliary record either by being converted to a syscall auxiliary record
> >>> by using current->audit_context rather than NULL when calling
> >>> audit_log_start(), or
On Fri, 2018-05-18 at 09:54 -0400, Stefan Berger wrote:
> On 05/18/2018 08:53 AM, Mimi Zohar wrote:
[..]
> >>>> If so, which ones? We could probably refactor the current
> >>>> integrity_audit_message() and have ima_parse_rule() call into it to get
> >>
On Wed, 2018-05-30 at 17:49 -0400, Stefan Berger wrote:
>
> So the other choice is to only keep patches 1,2, 6, and 7, so leave most
> of the integrity audit messages untouched. Then only create a different
> format for the new AUDIT_INTEGRITY_POLICY_RULE (current 8/8) that shares
> (for
On Tue, 2018-05-29 at 17:47 -0400, Paul Moore wrote:
> On Tue, May 29, 2018 at 5:35 PM, Steve Grubb wrote:
> > On Tuesday, May 29, 2018 5:19:39 PM EDT Paul Moore wrote:
> >> On Thu, May 24, 2018 at 4:11 PM, Stefan Berger
> >>
> >> wrote:
> >> > Use the new public audit functions to add the exe=
Hi Paul,
On Mon, 2018-06-04 at 20:21 -0400, Paul Moore wrote:
> On Mon, Jun 4, 2018 at 4:54 PM, Stefan Berger
> wrote:
> > The AUDIT_INTEGRITY_RULE is used for auditing IMA policy rules and
> > the IMA "audit" policy action. This patch defines
> > AUDIT_INTEGRITY_POLICY_RULE to reflect the IMA
On Tue, 2018-06-05 at 18:18 -0400, Paul Moore wrote:
> On Tue, Jun 5, 2018 at 10:15 AM, Mimi Zohar wrote:
> > Hi Paul,
> >
> > On Mon, 2018-06-04 at 20:21 -0400, Paul Moore wrote:
> >> On Mon, Jun 4, 2018 at 4:54 PM, Stefan Berger
> >> wrote:
> >>
On Tue, 2018-05-29 at 18:58 -0400, Mimi Zohar wrote:
> On Tue, 2018-05-29 at 17:47 -0400, Paul Moore wrote:
> > On Tue, May 29, 2018 at 5:35 PM, Steve Grubb wrote:
> > > On Tuesday, May 29, 2018 5:19:39 PM EDT Paul Moore wrote:
> > >> On Thu, May 24,
On Thu, 2018-03-08 at 06:21 -0500, Richard Guy Briggs wrote:
> On 2018-03-05 09:24, Mimi Zohar wrote:
> > On Mon, 2018-03-05 at 08:50 -0500, Richard Guy Briggs wrote:
> > > On 2018-03-05 08:43, Mimi Zohar wrote:
> > > > Hi Richard,
> > > >
> >
On Thu, 2018-03-01 at 14:41 -0500, Richard Guy Briggs wrote:
> Implement audit kernel container ID.
>
> This patchset is a preliminary RFC based on the proposal document (V3)
> posted:
> https://www.redhat.com/archives/linux-audit/2018-January/msg00014.html
>
> The first patch implements
On Sun, 2018-03-04 at 22:31 -0500, Richard Guy Briggs wrote:
> On 2018-03-04 16:55, Mimi Zohar wrote:
> > On Thu, 2018-03-01 at 14:41 -0500, Richard Guy Briggs wrote:
> > > Implement audit kernel container ID.
> > >
> > > This patchset is a preliminary RF
On Mon, 2018-03-05 at 08:50 -0500, Richard Guy Briggs wrote:
> On 2018-03-05 08:43, Mimi Zohar wrote:
> > Hi Richard,
> >
> > This patch has been compiled, but not runtime tested.
>
> Ok, great, thank you. I assume you are offering this patch to be
> included in
Hi Richard,
This patch has been compiled, but not runtime tested.
---
If the containerid is defined, include it in the IMA-audit record.
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
---
security/integrity/ima/ima_api.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/se
On Tue, 2019-03-26 at 19:58 -0400, Paul Moore wrote:
> On Tue, Mar 26, 2019 at 4:40 PM Mimi Zohar wrote:
> >
> > Hi Richard, Paul,
> >
> > On Tue, 2019-03-26 at 14:49 -0400, Richard Guy Briggs wrote:
> > > In commit fa516b66a1bf ("EVM: Allow runtime
On Tue, 2019-03-26 at 11:22 -0400, Steve Grubb wrote:
> > > > --- a/security/integrity/evm/evm_secfs.c
> > > > +++ b/security/integrity/evm/evm_secfs.c
> > > > @@ -192,7 +192,8 @@ static ssize_t evm_write_xattrs(struct file *file,
> > > > const char __user *buf,> >
> > > > if (count >
On Wed, 2019-03-20 at 20:50 -0400, Richard Guy Briggs wrote:
> On 2019-03-20 19:48, Paul Moore wrote:
> > On Sat, Mar 16, 2019 at 8:10 AM Richard Guy Briggs wrote:
> > > In commit fa516b66a1bf ("EVM: Allow runtime modification of the set of
> > > verified xattrs"), the call to audit_log_start()
>
> Please see the github issue
> https://github.com/linux-audit/audit-kernel/issues/109
>
> Signed-off-by: Richard Guy Briggs
Acked-by: Mimi Zohar
Paul, were you planning on upstreaming this patch?
Mimi
--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
On Fri, 2020-01-10 at 11:40 -0800, Casey Schaufler wrote:
> On 1/9/2020 8:33 AM, Mimi Zohar wrote:
> > Hi Casey,
> >
> > On Fri, 2020-01-03 at 10:53 -0800, Casey Schaufler wrote:
> >> With multiple possible security modules supporting audit rule
> >> it is n
Hi Casey,
On Fri, 2020-01-03 at 10:53 -0800, Casey Schaufler wrote:
> With multiple possible security modules supporting audit rule
> it is necessary to keep separate data for each module in the
> audit rules. This affects IMA as well, as it re-uses the audit
> rule list mechanisms.
While
On Fri, 2020-08-07 at 13:31 -0400, Mimi Zohar wrote:
> On Sat, 2020-08-08 at 02:41 +1000, James Morris wrote:
> > On Thu, 6 Aug 2020, Mimi Zohar wrote:
> >
> > > On Thu, 2020-08-06 at 09:51 +1000, James Morris wrote:
> > > > On Wed, 5 Aug 2020, Mimi Zohar wrot
On Sat, 2020-08-08 at 02:41 +1000, James Morris wrote:
> On Thu, 6 Aug 2020, Mimi Zohar wrote:
>
> > On Thu, 2020-08-06 at 09:51 +1000, James Morris wrote:
> > > On Wed, 5 Aug 2020, Mimi Zohar wrote:
> > >
> > > > If block layer integrity w
On Mon, 2020-08-10 at 08:35 -0700, James Bottomley wrote:
> On Sun, 2020-08-09 at 13:16 -0400, Mimi Zohar wrote:
> > On Sat, 2020-08-08 at 13:47 -0400, Chuck Lever wrote:
> > > > On Aug 5, 2020, at 2:15 PM, Mimi Zohar
> > > > wrote:
> >
> >
>
On Mon, 2020-08-10 at 10:13 -0700, James Bottomley wrote:
> On Mon, 2020-08-10 at 12:35 -0400, Mimi Zohar wrote:
> > On Mon, 2020-08-10 at 08:35 -0700, James Bottomley wrote:
> [...]
> > > > Up to now, verifying remote filesystem file integrity has been
> > >
On Sat, 2020-08-08 at 13:47 -0400, Chuck Lever wrote:
> > On Aug 5, 2020, at 2:15 PM, Mimi Zohar wrote:
> > If block layer integrity was enough, there wouldn't have been a need
> > for fs-verity. Even fs-verity is limited to read only filesystems,
> > which makes vali
On Wed, 2020-08-05 at 09:59 -0700, James Morris wrote:
> On Wed, 5 Aug 2020, James Bottomley wrote:
>
> > I'll leave Mimi to answer, but really this is exactly the question that
> > should have been asked before writing IPE. However, since we have the
> > cart before the horse, let me break the
[Cc'ing the audit mailing list]
On Mon, 2020-06-29 at 10:30 -0500, Tyler Hicks wrote:
>
> diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
> index ff2bf57ff0c7..5d62ee8319f4 100644
> --- a/security/integrity/ima/ima.h
> +++ b/security/integrity/ima/ima.h
> @@ -419,24
On Wed, 2020-06-17 at 13:44 -0700, Lakshmi Ramasubramanian wrote:
> Error code is not included in the audit messages logged by
> the integrity subsystem. Add "errno" field in the audit messages
> logged by the integrity subsystem and set the value to the error code
> passed to
On Thu, 2020-06-18 at 11:05 -0700, Lakshmi Ramasubramanian wrote:
> On 6/18/20 10:41 AM, Mimi Zohar wrote:
>
> >
> > For the reasons that I mentioned previously, unless others are willing
> > to add their Reviewed-by tag not for the audit aspect in particular,
md" res=1 errno=0
>
> [8.019432] audit: type=1804 audit(1592506283.344:10): pid=1 uid=0
> auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0
> op=measuring_kexec_cmdline cause=hashing_error comm="systemd"
> name="kexec-cmdline" res=0 errno=-22
On Thu, 2020-06-25 at 15:14 -0400, Paul Moore wrote:
> On Wed, Jun 24, 2020 at 1:25 PM Lakshmi Ramasubramanian
> wrote:
> >
> > On 6/23/20 12:58 PM, Mimi Zohar wrote:
> >
> > Hi Steve\Paul,
> >
> > >> Sample audit messages:
> > >>
On Wed, 2020-06-10 at 17:03 -0700, Lakshmi Ramasubramanian wrote:
> Error code is not included in the audit messages logged by
> the integrity subsystem. Add a new field namely "errno" in
> the audit message and set the value to the error code passed
> to integrity_audit_msg() in the "result"
_cmdline cause=alloc_entry errno=-12
> comm="swapper/0" name="kexec-cmdline" res=0
>
> [8.017126] audit: type=1804 audit(1591756725.360:10): pid=1
> uid=0 auid=4294967295 ses=4294967295
> subj=system_u:system_r:init_t:s0 op=measuring_key
> cause=hashing_error errno=-22 com
On Tue, 2020-06-16 at 11:55 -0400, Steve Grubb wrote:
> On Tuesday, June 16, 2020 11:43:31 AM EDT Lakshmi Ramasubramanian wrote:
> > On 6/16/20 8:29 AM, Steve Grubb wrote:
> > > The idea is a good idea, but you're assuming that "result" is always
> > > errno. That was probably true
uid=0 auid=4294967295 ses=4294967295
> subj=system_u:system_r:init_t:s0 op=measuring_kexec_cmdline
> cause=hashing_error comm="systemd" name="kexec-cmdline" res=0
> errno=-22
>
> Signed-off-by: Lakshmi Ramasubramanian
Reviewed-by: Mimi Zohar
On Fri, 2020-06-05 at 14:09 -0700, Lakshmi Ramasubramanian wrote:
> On 6/5/20 1:49 PM, Paul Moore wrote:
>
> >
> >> Since a pr_xyz() call was already present, I just wanted to change the
> >> log level to keep the code change to the minimum. But if audit log is
> >> the right approach for this
Hi Lakshmi,
On Sun, 2020-06-07 at 15:14 -0700, Lakshmi Ramasubramanian wrote:
> The final log statement in process_buffer_measurement() for failure
> condition is at debug level. This does not log the message unless
> the system log level is raised which would significantly increase
> the
Hi Lakshmi,
On Fri, 2020-06-05 at 20:13 -0700, Lakshmi Ramasubramanian wrote:
> Hi Mimi,
>
> In integrity audit message function the inverse of "result" is being
> logged for "res=". Please see below. Is this intentional?
>
> void integrity_audit_msg(int audit_msgno, struct inode *inode,
>
On Mon, 2020-06-08 at 14:53 -0700, Lakshmi Ramasubramanian wrote:
> The final log statement in process_buffer_measurement() for failure
> condition is at debug level. This does not log the message unless
> the system log level is raised which would significantly increase
> the messages in the
Hi Richard,
On Tue, 2020-06-09 at 13:15 -0400, Richard Guy Briggs wrote:
> On 2020-06-09 10:00, Lakshmi Ramasubramanian wrote:
> If it is added, it should be appended to the end of the record since it
> is an existing record format, then in the case of res=1, errno= should
> still be present
On Tue, 2020-06-09 at 10:00 -0700, Lakshmi Ramasubramanian wrote:
> On 6/9/20 9:43 AM, Steve Grubb wrote:
>
> >> The number in parenthesis is the error code (such as ENOMEM, EINVAL,
> >> etc.) IMA uses this format for reporting TPM errors in one of the audit
> >> messages (In
On Fri, 2020-07-10 at 14:42 -0500, Tyler Hicks wrote:
> On 2020-06-29 17:30:03, Mimi Zohar wrote:
> > [Cc'ing the audit mailing list]
> >
> > On Mon, 2020-06-29 at 10:30 -0500, Tyler Hicks wrote:
> > >
> > > diff --git a/security/integrity/ima/ima.h b/s
On Mon, 2020-12-28 at 15:20 -0800, Casey Schaufler wrote:
> On 12/28/2020 2:14 PM, Mimi Zohar wrote:
> > On Mon, 2020-12-28 at 12:06 -0800, Casey Schaufler wrote:
> >> On 12/28/2020 11:24 AM, Mimi Zohar wrote:
> >>> Hi Casey,
> >>>
> >>> On
On Mon, 2020-12-28 at 11:22 -0800, Casey Schaufler wrote:
> On 12/28/2020 9:54 AM, Mimi Zohar wrote:
> > Hi Casey,
> >
> > On Fri, 2020-11-20 at 12:14 -0800, Casey Schaufler wrote:
> >> When more than one security module is exporting data to
> >> audit and
On Mon, 2020-12-28 at 12:06 -0800, Casey Schaufler wrote:
> On 12/28/2020 11:24 AM, Mimi Zohar wrote:
> > Hi Casey,
> >
> > On Fri, 2020-11-20 at 12:14 -0800, Casey Schaufler wrote:
> >> diff --git a/security/security.c b/security/security.c
> >>
Hi Casey,
On Fri, 2020-11-20 at 12:14 -0800, Casey Schaufler wrote:
> When more than one security module is exporting data to
> audit and networking sub-systems a single 32 bit integer
> is no longer sufficient to represent the data. Add a
> structure to be used instead.
>
> The lsmblob
Hi Casey,
On Fri, 2020-11-20 at 12:14 -0800, Casey Schaufler wrote:
> diff --git a/security/security.c b/security/security.c
> index 5da8b3643680..d01363cb0082 100644
> --- a/security/security.c
> +++ b/security/security.c
>
> @@ -2510,7 +2526,24 @@ int security_key_getsecurity(struct key *key,
On Tue, 2020-12-29 at 10:46 -0800, Casey Schaufler wrote:
> >> -int security_audit_rule_match(u32 secid, u32 field, u32 op, void
> >> *lsmrule)
> >> +int security_audit_rule_match(u32 secid, u32 field, u32 op, void
> >> **lsmrule)
> >> {
> >> - return
On Mon, 2020-12-28 at 20:53 -0500, Mimi Zohar wrote:
> On Mon, 2020-12-28 at 15:20 -0800, Casey Schaufler wrote:
> > On 12/28/2020 2:14 PM, Mimi Zohar wrote:
> > > On Mon, 2020-12-28 at 12:06 -0800, Casey Schaufler wrote:
> > >> On 12/28/2020 11:24 AM, Mi
will be up to the latter
> LSM specific patches in this series to change the hook
> implementations and return the correct credentials.
>
> Signed-off-by: Paul Moore
Thanks, Paul.
Acked-by: Mimi Zohar (IMA)
On Mon, 2021-02-22 at 15:45 -0800, Casey Schaufler wrote:
> On 2/14/2021 10:21 AM, Mimi Zohar wrote:
>
> Would these changes match your suggestion?
>
> security/integrity/ima/ima_policy.c | 24
> 1 file changed, 12 insertions(+), 12 deletions(
On Mon, 2021-02-22 at 15:58 -0800, Casey Schaufler wrote:
> On 2/20/2021 6:41 AM, Paul Moore wrote:
> > On Fri, Feb 19, 2021 at 8:49 PM Casey Schaufler
> > wrote:
> >> On 2/19/2021 3:28 PM, Paul Moore wrote:
> >>> As discussed briefly on the list (lore link below), we are a little
> >>> sloppy
[Cc'ing linux-audit]
Hi Simon,
On Wed, 2021-08-11 at 11:40 +, THOBY Simon wrote:
Other than the two questions on " IMA: add a policy option to restrict
xattr hash algorithms on appraisal" patch, the patch set is looking
good.
thanks,
Mimi
> Here is also a short description of the new
Hi Casey,
On Thu, 2021-11-04 at 14:38 -0700, Casey Schaufler wrote:
> Create real functions for the ima_filter_rule interfaces.
> These replace #defines that obscure the reuse of audit
> interfaces. The new functions are put in security.c because
> they use security module registered hooks that