Re: [PATCH V2] audit: log module name on init_module

On 2017-02-14 13:43, Steve Grubb wrote: > On Tuesday, February 14, 2017 1:38:36 PM EST Paul Moore wrote: > > On Tue, Feb 14, 2017 at 1:11 PM, Richard Guy Briggs wrote: > > > On 2017-02-14 13:02, Steve Grubb wrote: > > >> On Monday, February 13, 2017 4:20:55 PM EST Paul Moore

Re: [PATCH V2] audit: log module name on init_module

On 2017-02-14 13:43, Steve Grubb wrote: > On Tuesday, February 14, 2017 1:38:36 PM EST Paul Moore wrote: > > On Tue, Feb 14, 2017 at 1:11 PM, Richard Guy Briggs wrote: > > > On 2017-02-14 13:02, Steve Grubb wrote: > > >> On Monday, February 13, 2017 4:20:55 PM EST Paul Moore wrote: > > >> > On

Re: [PATCH V2] audit: log module name on init_module

On Tuesday, February 14, 2017 1:38:36 PM EST Paul Moore wrote: > On Tue, Feb 14, 2017 at 1:11 PM, Richard Guy Briggs wrote: > > On 2017-02-14 13:02, Steve Grubb wrote: > >> On Monday, February 13, 2017 4:20:55 PM EST Paul Moore wrote: > >> > On Sat, Feb 4, 2017 at 1:10 PM,

Re: [PATCH V2] audit: log module name on init_module

On Tuesday, February 14, 2017 1:38:36 PM EST Paul Moore wrote: > On Tue, Feb 14, 2017 at 1:11 PM, Richard Guy Briggs wrote: > > On 2017-02-14 13:02, Steve Grubb wrote: > >> On Monday, February 13, 2017 4:20:55 PM EST Paul Moore wrote: > >> > On Sat, Feb 4, 2017 at 1:10 PM, Richard Guy Briggs

Re: [PATCH V2] audit: log module name on init_module

On Tue, Feb 14, 2017 at 1:11 PM, Richard Guy Briggs wrote: > On 2017-02-14 13:02, Steve Grubb wrote: >> On Monday, February 13, 2017 4:20:55 PM EST Paul Moore wrote: >> > On Sat, Feb 4, 2017 at 1:10 PM, Richard Guy Briggs wrote: >> > > This adds a new auxiliary

Re: [PATCH V2] audit: log module name on init_module

On Tue, Feb 14, 2017 at 1:11 PM, Richard Guy Briggs wrote: > On 2017-02-14 13:02, Steve Grubb wrote: >> On Monday, February 13, 2017 4:20:55 PM EST Paul Moore wrote: >> > On Sat, Feb 4, 2017 at 1:10 PM, Richard Guy Briggs wrote: >> > > This adds a new auxiliary record MODULE_INIT to the SYSCALL

Re: [PATCH V2] audit: log module name on init_module

On 2017-02-14 13:02, Steve Grubb wrote: > On Monday, February 13, 2017 4:20:55 PM EST Paul Moore wrote: > > On Sat, Feb 4, 2017 at 1:10 PM, Richard Guy Briggs wrote: > > > This adds a new auxiliary record MODULE_INIT to the SYSCALL event. > > > > > > We get finit_module for free

Re: [PATCH V2] audit: log module name on init_module

On 2017-02-14 13:02, Steve Grubb wrote: > On Monday, February 13, 2017 4:20:55 PM EST Paul Moore wrote: > > On Sat, Feb 4, 2017 at 1:10 PM, Richard Guy Briggs wrote: > > > This adds a new auxiliary record MODULE_INIT to the SYSCALL event. > > > > > > We get finit_module for free since it made

Re: [PATCH V2] audit: log module name on init_module

On Monday, February 13, 2017 4:20:55 PM EST Paul Moore wrote: > On Sat, Feb 4, 2017 at 1:10 PM, Richard Guy Briggs wrote: > > This adds a new auxiliary record MODULE_INIT to the SYSCALL event. > > > > We get finit_module for free since it made most sense to hook this in to > >

Re: [PATCH V2] audit: log module name on init_module

On Monday, February 13, 2017 4:20:55 PM EST Paul Moore wrote: > On Sat, Feb 4, 2017 at 1:10 PM, Richard Guy Briggs wrote: > > This adds a new auxiliary record MODULE_INIT to the SYSCALL event. > > > > We get finit_module for free since it made most sense to hook this in to > > load_module(). > >

Re: audit: log module name on init_module

+++ Paul Moore [13/02/17 16:20 -0500]: On Sat, Feb 4, 2017 at 1:10 PM, Richard Guy Briggs wrote: This adds a new auxiliary record MODULE_INIT to the SYSCALL event. We get finit_module for free since it made most sense to hook this in to load_module().

Re: audit: log module name on init_module

+++ Paul Moore [13/02/17 16:20 -0500]: On Sat, Feb 4, 2017 at 1:10 PM, Richard Guy Briggs wrote: This adds a new auxiliary record MODULE_INIT to the SYSCALL event. We get finit_module for free since it made most sense to hook this in to load_module().

Re: [PATCH V2] audit: log module name on init_module

On Sat, Feb 4, 2017 at 1:10 PM, Richard Guy Briggs wrote: > This adds a new auxiliary record MODULE_INIT to the SYSCALL event. > > We get finit_module for free since it made most sense to hook this in to > load_module(). > > https://github.com/linux-audit/audit-kernel/issues/7 >

Re: [PATCH V2] audit: log module name on init_module

On Sat, Feb 4, 2017 at 1:10 PM, Richard Guy Briggs wrote: > This adds a new auxiliary record MODULE_INIT to the SYSCALL event. > > We get finit_module for free since it made most sense to hook this in to > load_module(). > > https://github.com/linux-audit/audit-kernel/issues/7 >

[PATCH V2] audit: log module name on init_module

This adds a new auxiliary record MODULE_INIT to the SYSCALL event. We get finit_module for free since it made most sense to hook this in to load_module(). https://github.com/linux-audit/audit-kernel/issues/7 https://github.com/linux-audit/audit-kernel/wiki/RFE-Module-load-record-format

[PATCH V2] audit: log module name on init_module

This adds a new auxiliary record MODULE_INIT to the SYSCALL event. We get finit_module for free since it made most sense to hook this in to load_module(). https://github.com/linux-audit/audit-kernel/issues/7 https://github.com/linux-audit/audit-kernel/wiki/RFE-Module-load-record-format

Re: [RFC] [PATCH] audit: log module name on init_module

On 2017-02-04 08:27, Steve Grubb wrote: > On Friday, February 3, 2017 7:18:58 PM EST Paul Moore wrote: > > On Tue, Jan 31, 2017 at 3:02 PM, Richard Guy Briggs wrote: > > > On 2017-01-31 11:07, Paul Moore wrote: > > >> On Tue, Jan 31, 2017 at 7:36 AM, Richard Guy Briggs

Re: [RFC] [PATCH] audit: log module name on init_module

On 2017-02-04 08:27, Steve Grubb wrote: > On Friday, February 3, 2017 7:18:58 PM EST Paul Moore wrote: > > On Tue, Jan 31, 2017 at 3:02 PM, Richard Guy Briggs wrote: > > > On 2017-01-31 11:07, Paul Moore wrote: > > >> On Tue, Jan 31, 2017 at 7:36 AM, Richard Guy Briggs > wrote: > > >> > On

Re: [RFC] [PATCH] audit: log module name on init_module

On 2017-02-03 19:18, Paul Moore wrote: > On Tue, Jan 31, 2017 at 3:02 PM, Richard Guy Briggs wrote: > > On 2017-01-31 11:07, Paul Moore wrote: > >> On Tue, Jan 31, 2017 at 7:36 AM, Richard Guy Briggs > >> wrote: > >> > On 2017-01-31 06:59, Paul Moore wrote: >

Re: [RFC] [PATCH] audit: log module name on init_module

On 2017-02-03 19:18, Paul Moore wrote: > On Tue, Jan 31, 2017 at 3:02 PM, Richard Guy Briggs wrote: > > On 2017-01-31 11:07, Paul Moore wrote: > >> On Tue, Jan 31, 2017 at 7:36 AM, Richard Guy Briggs > >> wrote: > >> > On 2017-01-31 06:59, Paul Moore wrote: > >> >> On Thu, Jan 26, 2017 at 4:21

Re: [RFC] [PATCH] audit: log module name on init_module

On Friday, February 3, 2017 7:18:58 PM EST Paul Moore wrote: > On Tue, Jan 31, 2017 at 3:02 PM, Richard Guy Briggs wrote: > > On 2017-01-31 11:07, Paul Moore wrote: > >> On Tue, Jan 31, 2017 at 7:36 AM, Richard Guy Briggs wrote: > >> > On 2017-01-31 06:59, Paul

Re: [RFC] [PATCH] audit: log module name on init_module

On Friday, February 3, 2017 7:18:58 PM EST Paul Moore wrote: > On Tue, Jan 31, 2017 at 3:02 PM, Richard Guy Briggs wrote: > > On 2017-01-31 11:07, Paul Moore wrote: > >> On Tue, Jan 31, 2017 at 7:36 AM, Richard Guy Briggs wrote: > >> > On 2017-01-31 06:59, Paul Moore wrote: > >> >> On Thu, Jan

Re: [RFC] [PATCH] audit: log module name on init_module

On Tue, Jan 31, 2017 at 3:02 PM, Richard Guy Briggs wrote: > On 2017-01-31 11:07, Paul Moore wrote: >> On Tue, Jan 31, 2017 at 7:36 AM, Richard Guy Briggs wrote: >> > On 2017-01-31 06:59, Paul Moore wrote: >> >> On Thu, Jan 26, 2017 at 4:21 PM, Richard Guy

Re: [RFC] [PATCH] audit: log module name on init_module

On Tue, Jan 31, 2017 at 3:02 PM, Richard Guy Briggs wrote: > On 2017-01-31 11:07, Paul Moore wrote: >> On Tue, Jan 31, 2017 at 7:36 AM, Richard Guy Briggs wrote: >> > On 2017-01-31 06:59, Paul Moore wrote: >> >> On Thu, Jan 26, 2017 at 4:21 PM, Richard Guy Briggs >> >> wrote: >> >> > This adds

Re: [RFC] [PATCH] audit: log module name on init_module

On Tue, 31 Jan 2017 11:07:24 -0500 Paul Moore wrote: > On Tue, Jan 31, 2017 at 7:36 AM, Richard Guy Briggs > wrote: > > On 2017-01-31 06:59, Paul Moore wrote: > >> On Thu, Jan 26, 2017 at 4:21 PM, Richard Guy Briggs > >> wrote: > >> >

Re: [RFC] [PATCH] audit: log module name on init_module

On Tue, 31 Jan 2017 11:07:24 -0500 Paul Moore wrote: > On Tue, Jan 31, 2017 at 7:36 AM, Richard Guy Briggs > wrote: > > On 2017-01-31 06:59, Paul Moore wrote: > >> On Thu, Jan 26, 2017 at 4:21 PM, Richard Guy Briggs > >> wrote: > >> > This adds a new auxiliary record MODULE_INIT to the

Re: [RFC] [PATCH] audit: log module name on init_module

On 2017-01-31 11:07, Paul Moore wrote: > On Tue, Jan 31, 2017 at 7:36 AM, Richard Guy Briggs wrote: > > On 2017-01-31 06:59, Paul Moore wrote: > >> On Thu, Jan 26, 2017 at 4:21 PM, Richard Guy Briggs > >> wrote: > >> > This adds a new auxiliary record

Re: [RFC] [PATCH] audit: log module name on init_module

On 2017-01-31 11:07, Paul Moore wrote: > On Tue, Jan 31, 2017 at 7:36 AM, Richard Guy Briggs wrote: > > On 2017-01-31 06:59, Paul Moore wrote: > >> On Thu, Jan 26, 2017 at 4:21 PM, Richard Guy Briggs > >> wrote: > >> > This adds a new auxiliary record MODULE_INIT to the SYSCALL event. > >> > >

Re: [RFC] [PATCH] audit: log module name on init_module

On Tue, Jan 31, 2017 at 7:36 AM, Richard Guy Briggs wrote: > On 2017-01-31 06:59, Paul Moore wrote: >> On Thu, Jan 26, 2017 at 4:21 PM, Richard Guy Briggs wrote: >> > This adds a new auxiliary record MODULE_INIT to the SYSCALL event. >> > >> > We get

Re: [RFC] [PATCH] audit: log module name on init_module

On Tue, Jan 31, 2017 at 7:36 AM, Richard Guy Briggs wrote: > On 2017-01-31 06:59, Paul Moore wrote: >> On Thu, Jan 26, 2017 at 4:21 PM, Richard Guy Briggs wrote: >> > This adds a new auxiliary record MODULE_INIT to the SYSCALL event. >> > >> > We get finit_module for free since it made most

Re: [RFC] [PATCH] audit: log module name on init_module

On 2017-01-31 06:59, Paul Moore wrote: > On Thu, Jan 26, 2017 at 4:21 PM, Richard Guy Briggs wrote: > > This adds a new auxiliary record MODULE_INIT to the SYSCALL event. > > > > We get finit_module for free since it made most sense to hook this in to > > load_module(). > > > >

Re: [RFC] [PATCH] audit: log module name on init_module

On 2017-01-31 06:59, Paul Moore wrote: > On Thu, Jan 26, 2017 at 4:21 PM, Richard Guy Briggs wrote: > > This adds a new auxiliary record MODULE_INIT to the SYSCALL event. > > > > We get finit_module for free since it made most sense to hook this in to > > load_module(). > > > >

Re: [RFC] [PATCH] audit: log module name on init_module

On Thu, Jan 26, 2017 at 4:21 PM, Richard Guy Briggs wrote: > This adds a new auxiliary record MODULE_INIT to the SYSCALL event. > > We get finit_module for free since it made most sense to hook this in to > load_module(). > > https://github.com/linux-audit/audit-kernel/issues/7 >

Re: [RFC] [PATCH] audit: log module name on init_module

On Thu, Jan 26, 2017 at 4:21 PM, Richard Guy Briggs wrote: > This adds a new auxiliary record MODULE_INIT to the SYSCALL event. > > We get finit_module for free since it made most sense to hook this in to > load_module(). > > https://github.com/linux-audit/audit-kernel/issues/7 >

Re: [RFC] [PATCH] audit: log module name on init_module

On 2017-01-30 11:54, Steve Grubb wrote: > On Thu, 26 Jan 2017 14:50:07 -0500 > Richard Guy Briggs wrote: > > > This adds a new auxiliary record MODULE_INIT to the SYSCALL event. > > Thanks, this is definitely needed. Can you provide an example event > generated by this? It's

Re: [RFC] [PATCH] audit: log module name on init_module

On 2017-01-30 11:54, Steve Grubb wrote: > On Thu, 26 Jan 2017 14:50:07 -0500 > Richard Guy Briggs wrote: > > > This adds a new auxiliary record MODULE_INIT to the SYSCALL event. > > Thanks, this is definitely needed. Can you provide an example event > generated by this? It's in the wiki RFE,

Re: [RFC] [PATCH] audit: log module name on init_module

On Thu, 26 Jan 2017 14:50:07 -0500 Richard Guy Briggs wrote: > This adds a new auxiliary record MODULE_INIT to the SYSCALL event. Thanks, this is definitely needed. Can you provide an example event generated by this? -Steve > We get finit_module for free since it made most

Re: [RFC] [PATCH] audit: log module name on init_module

On Thu, 26 Jan 2017 14:50:07 -0500 Richard Guy Briggs wrote: > This adds a new auxiliary record MODULE_INIT to the SYSCALL event. Thanks, this is definitely needed. Can you provide an example event generated by this? -Steve > We get finit_module for free since it made most sense to hook this

Re: [RFC] [PATCH] audit: log module name on init_module

On 2017-01-27 10:34, Rusty Russell wrote: > Hi RGB! Hey Rust! Hi Jeyu, > This should get acked by the new module maintainer (and your RH > peer!) Jeyu, cc'd. Ah ok, that changed 4.9, this patch was based on 4.8 (audit/next). Thanks! > Cheers, > Rusty. > > Richard Guy

Re: [RFC] [PATCH] audit: log module name on init_module

On 2017-01-27 10:34, Rusty Russell wrote: > Hi RGB! Hey Rust! Hi Jeyu, > This should get acked by the new module maintainer (and your RH > peer!) Jeyu, cc'd. Ah ok, that changed 4.9, this patch was based on 4.8 (audit/next). Thanks! > Cheers, > Rusty. > > Richard Guy

Re: [RFC] [PATCH] audit: log module name on init_module

Hi RGB! This should get acked by the new module maintainer (and your RH peer!) Jeyu, cc'd. Cheers, Rusty. Richard Guy Briggs writes: > This adds a new auxiliary record MODULE_INIT to the SYSCALL event. > > We get finit_module for free since it made most sense

Re: [RFC] [PATCH] audit: log module name on init_module

Hi RGB! This should get acked by the new module maintainer (and your RH peer!) Jeyu, cc'd. Cheers, Rusty. Richard Guy Briggs writes: > This adds a new auxiliary record MODULE_INIT to the SYSCALL event. > > We get finit_module for free since it made most sense to hook this in to

[RFC] [PATCH] audit: log module name on init_module

This adds a new auxiliary record MODULE_INIT to the SYSCALL event. We get finit_module for free since it made most sense to hook this in to load_module(). https://github.com/linux-audit/audit-kernel/issues/7 https://github.com/linux-audit/audit-kernel/wiki/RFE-Module-load-record-format

[RFC] [PATCH] audit: log module name on init_module

This adds a new auxiliary record MODULE_INIT to the SYSCALL event. We get finit_module for free since it made most sense to hook this in to load_module(). https://github.com/linux-audit/audit-kernel/issues/7 https://github.com/linux-audit/audit-kernel/wiki/RFE-Module-load-record-format

Re: [RFC] [PATCH] audit: log module name on init_module

On 2017-01-26 14:50, Richard Guy Briggs wrote: > This adds a new auxiliary record MODULE_INIT to the SYSCALL event. > > We get finit_module for free since it made most sense to hook this in to > load_module(). > > https://github.com/linux-audit/audit-kernel/issues/7 >

Re: [RFC] [PATCH] audit: log module name on init_module

On 2017-01-26 14:50, Richard Guy Briggs wrote: > This adds a new auxiliary record MODULE_INIT to the SYSCALL event. > > We get finit_module for free since it made most sense to hook this in to > load_module(). > > https://github.com/linux-audit/audit-kernel/issues/7 >

[RFC] [PATCH] audit: log module name on init_module

This adds a new auxiliary record MODULE_INIT to the SYSCALL event. We get finit_module for free since it made most sense to hook this in to load_module(). https://github.com/linux-audit/audit-kernel/issues/7 https://github.com/linux-audit/audit-kernel/wiki/RFE-Module-load-record-format

[RFC] [PATCH] audit: log module name on init_module

This adds a new auxiliary record MODULE_INIT to the SYSCALL event. We get finit_module for free since it made most sense to hook this in to load_module(). https://github.com/linux-audit/audit-kernel/issues/7 https://github.com/linux-audit/audit-kernel/wiki/RFE-Module-load-record-format