Re: [PATCH ghak81 V3 3/3] audit: collect audit task parameters

: https://github.com/0day-ci/linux/commits/Richard-Guy-Briggs/audit-group-task-params/20180517-090703 config: i386-tinyconfig (attached as .config) compiler: gcc-7 (Debian 7.3.0-16) 7.3.0 reproduce: # save the attached .config to linux build tree make ARCH=i386 All errors (new

[ANNOUNCE] Linux Security Summit Europe 2018 - CFP

== ANNOUNCEMENT AND CALL FOR PARTICIPATION LINUX SECURITY SUMMIT EUROPE 2018 25-26 October

[PATCH ghak82] audit: Fix wrong task in comparison of session ID

The audit_filter_rules() function in auditsc.c compared the session ID with the credentials of the current task, while it should use the credentials of the task given to audit_filter_rules() as a parameter (tsk). GitHub issue: https://github.com/linux-audit/audit-kernel/issues/82 Fixes:

[PATCH ghak82] audit: Fix extended comparison of GID/EGID

The audit_filter_rules() function in auditsc.c used the in_[e]group_p() functions to check GID/EGID match, but these functions use the current task's credentials, while the comparison should use the credentials of the task given to audit_filter_rules() as a parameter (tsk). Note that we can use

Re: [PATCH ghak82] audit: Fix wrong task in comparison of session ID

On 2018-05-17 17:31, Ondrej Mosnacek wrote: > The audit_filter_rules() function in auditsc.c compared the session ID > with the credentials of the current task, while it should use the > credentials of the task given to audit_filter_rules() as a parameter > (tsk). > > GitHub issue: >

Re: [PATCH ghak82] audit: Fix extended comparison of GID/EGID

On 2018-05-17 17:31, Ondrej Mosnacek wrote: > The audit_filter_rules() function in auditsc.c used the in_[e]group_p() > functions to check GID/EGID match, but these functions use the current > task's credentials, while the comparison should use the credentials of > the task given to

Re: [PATCH] audit: add containerid support for IMA-audit

On 03/08/2018 06:21 AM, Richard Guy Briggs wrote: On 2018-03-05 09:24, Mimi Zohar wrote: On Mon, 2018-03-05 at 08:50 -0500, Richard Guy Briggs wrote: On 2018-03-05 08:43, Mimi Zohar wrote: Hi Richard, This patch has been compiled, but not runtime tested. Ok, great, thank you. I assume you

[PATCH ghak81 V3a] fixup! audit: collect audit task parameters

Enable fork.c compilation with audit disabled. Signed-off-by: Richard Guy Briggs --- Hi Paul, this one got caught by the 0-day kbuildbot. Can you squash it down if you haven't merged it yet? --- kernel/fork.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/kernel/fork.c

[PATCH] audit: use existing session info function

Use the existing audit_log_session_info() function rather than hardcoding its functionality. Signed-off-by: Richard Guy Briggs --- kernel/auditfilter.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index

Re: [RFC PATCH ghak32 V2 03/13] audit: log container info of syscalls

On 2018-05-17 17:09, Steve Grubb wrote: > On Fri, 16 Mar 2018 05:00:30 -0400 > Richard Guy Briggs wrote: > > > Create a new audit record AUDIT_CONTAINER_INFO to document the > > container ID of a process if it is present. > > As mentioned in a previous email, I think

Re: [RFC PATCH ghak32 V2 03/13] audit: log container info of syscalls

On Fri, 16 Mar 2018 05:00:30 -0400 Richard Guy Briggs wrote: > Create a new audit record AUDIT_CONTAINER_INFO to document the > container ID of a process if it is present. As mentioned in a previous email, I think AUDIT_CONTAINER is more suitable for the container record. One

Re: [PATCH] audit: add containerid support for IMA-audit

On 2018-05-17 10:18, Stefan Berger wrote: > On 03/08/2018 06:21 AM, Richard Guy Briggs wrote: > > On 2018-03-05 09:24, Mimi Zohar wrote: > > > On Mon, 2018-03-05 at 08:50 -0500, Richard Guy Briggs wrote: > > > > On 2018-03-05 08:43, Mimi Zohar wrote: > > > > > Hi Richard, > > > > > > > > > > This

Re: [RFC PATCH ghak32 V2 01/13] audit: add container id

On 2018-05-17 17:00, Steve Grubb wrote: > On Fri, 16 Mar 2018 05:00:28 -0400 > Richard Guy Briggs wrote: > > > Implement the proc fs write to set the audit container ID of a > > process, emitting an AUDIT_CONTAINER record to document the event. > > > > This is a write from the

Re: [PATCH ghak81 V3 3/3] audit: collect audit task parameters

On Wed, May 16, 2018 at 7:55 AM, Richard Guy Briggs wrote: > The audit-related parameters in struct task_struct should ideally be > collected together and accessed through a standard audit API. > > Collect the existing loginuid, sessionid and audit_context together in a > new

Re: [PATCH ghak81 V3 2/3] audit: normalize loginuid read access

On Wed, May 16, 2018 at 7:55 AM, Richard Guy Briggs wrote: > Recognizing that the loginuid is an internal audit value, use an access > function to retrieve the audit loginuid value for the task rather than > reaching directly into the task struct to get it. > > Signed-off-by:

Re: [PATCH ghak81 V3 1/3] audit: use new audit_context access funciton for seccomp_actions_logged

On Wed, May 16, 2018 at 7:55 AM, Richard Guy Briggs wrote: > On the rebase of the following commit on the new seccomp actions_logged > function, one audit_context access was missed. > > commit cdfb6b341f0f2409aba24b84f3b4b2bba50be5c5 > ("audit: use inline function to get audit

Re: [RFC PATCH ghak32 V2 01/13] audit: add container id

On Fri, 16 Mar 2018 05:00:28 -0400 Richard Guy Briggs wrote: > Implement the proc fs write to set the audit container ID of a > process, emitting an AUDIT_CONTAINER record to document the event. > > This is a write from the container orchestrator task to a proc entry > of the

Re: [PATCH ghak81 V3a] fixup! audit: collect audit task parameters

On Thu, May 17, 2018 at 1:20 PM, Richard Guy Briggs wrote: > Enable fork.c compilation with audit disabled. > > Signed-off-by: Richard Guy Briggs > --- > Hi Paul, this one got caught by the 0-day kbuildbot. Can you squash it > down if you haven't merged it yet?