Re: Should audit_seccomp check audit_enabled?

2015-10-23 Thread Paul Moore
On October 23, 2015 5:30:45 PM Andy Lutomirski wrote: On Fri, Oct 23, 2015 at 2:22 PM, Kees Cook wrote: On Fri, Oct 23, 2015 at 2:07 PM, Andy Lutomirski wrote: On Oct 23, 2015 10:01 AM, "Kees Cook" wrote: On Fri, Oct 23, 2015 at 9:19 AM, Andy Lutomirski wrote: > I would argue that, if

Re: Should audit_seccomp check audit_enabled?

2015-10-23 Thread Andy Lutomirski
On Fri, Oct 23, 2015 at 2:22 PM, Kees Cook wrote: > On Fri, Oct 23, 2015 at 2:07 PM, Andy Lutomirski wrote: >> On Oct 23, 2015 10:01 AM, "Kees Cook" wrote: >>> >>> On Fri, Oct 23, 2015 at 9:19 AM, Andy Lutomirski >>> wrote: >>> > I would argue that, if auditing is off, audit_seccomp shouldn't

Re: Should audit_seccomp check audit_enabled?

2015-10-23 Thread Kees Cook
On Fri, Oct 23, 2015 at 2:07 PM, Andy Lutomirski wrote: > On Oct 23, 2015 10:01 AM, "Kees Cook" wrote: >> >> On Fri, Oct 23, 2015 at 9:19 AM, Andy Lutomirski wrote: >> > I would argue that, if auditing is off, audit_seccomp shouldn't do >> > anything. After all, unlike e.g. selinux, seccomp is

Re: Should audit_seccomp check audit_enabled?

2015-10-23 Thread Andy Lutomirski
On Fri, Oct 23, 2015 at 1:58 PM, Paul Moore wrote: > On Fri, Oct 23, 2015 at 4:51 PM, Steve Grubb wrote: >> On Friday, October 23, 2015 03:38:05 PM Paul Moore wrote: >>> On Fri, Oct 23, 2015 at 1:01 PM, Kees Cook wrote: >>> > On Fri, Oct 23, 2015 at 9:19 AM, Andy Lutomirski >> wrote: >>> >> I

Re: Should audit_seccomp check audit_enabled?

2015-10-23 Thread Andy Lutomirski
On Oct 23, 2015 10:01 AM, "Kees Cook" wrote: > > On Fri, Oct 23, 2015 at 9:19 AM, Andy Lutomirski wrote: > > I would argue that, if auditing is off, audit_seccomp shouldn't do > > anything. After all, unlike e.g. selinux, seccomp is not a systemwide > > policy, and seccomp signals might be

Re: Should audit_seccomp check audit_enabled?

2015-10-23 Thread Paul Moore
On Fri, Oct 23, 2015 at 4:51 PM, Steve Grubb wrote: > On Friday, October 23, 2015 03:38:05 PM Paul Moore wrote: >> On Fri, Oct 23, 2015 at 1:01 PM, Kees Cook wrote: >> > On Fri, Oct 23, 2015 at 9:19 AM, Andy Lutomirski > wrote: >> >> I would argue that, if auditing is off, audit_seccomp

Re: Should audit_seccomp check audit_enabled?

2015-10-23 Thread Steve Grubb
On Friday, October 23, 2015 03:38:05 PM Paul Moore wrote: > On Fri, Oct 23, 2015 at 1:01 PM, Kees Cook wrote: > > On Fri, Oct 23, 2015 at 9:19 AM, Andy Lutomirski wrote: > >> I would argue that, if auditing is off, audit_seccomp shouldn't do > >> anything. After all, unlike e.g. selinux,

Re: Should audit_seccomp check audit_enabled?

2015-10-23 Thread Paul Moore
On Fri, Oct 23, 2015 at 1:01 PM, Kees Cook wrote: > On Fri, Oct 23, 2015 at 9:19 AM, Andy Lutomirski wrote: >> I would argue that, if auditing is off, audit_seccomp shouldn't do >> anything. After all, unlike e.g. selinux, seccomp is not a systemwide >> policy, and seccomp signals might be

Re: Should audit_seccomp check audit_enabled?

2015-10-23 Thread Richard Guy Briggs
On 15/10/23, Andy Lutomirski wrote: > I would argue that, if auditing is off, audit_seccomp shouldn't do > anything. After all, unlike e.g. selinux, seccomp is not a systemwide > policy, and seccomp signals might be ordinary behavior that's internal > to the seccomp-using application. IOW, for

Re: Should audit_seccomp check audit_enabled?

2015-10-23 Thread Kees Cook
On Fri, Oct 23, 2015 at 9:19 AM, Andy Lutomirski wrote: > I would argue that, if auditing is off, audit_seccomp shouldn't do > anything. After all, unlike e.g. selinux, seccomp is not a systemwide > policy, and seccomp signals might be ordinary behavior that's internal > to the seccomp-using

Should audit_seccomp check audit_enabled?

2015-10-23 Thread Andy Lutomirski
I would argue that, if auditing is off, audit_seccomp shouldn't do anything. After all, unlike e.g. selinux, seccomp is not a systemwide policy, and seccomp signals might be ordinary behavior that's internal to the seccomp-using application. IOW, for people with audit compiled in and subscribed