On Tuesday, May 22, 2018 9:43:46 AM EDT Richard Guy Briggs wrote:
> On 2018-05-21 17:57, Stefan Berger wrote:
> > On 05/21/2018 02:30 PM, Steve Grubb wrote:
> > > Hello Stefan,
> > >
> > > On Monday, May 21, 2018 1:53:04 PM EDT Stefan Berger wrote:
> > > > On 05/21/2018 12:58 PM, Steve Grubb
On Monday, May 21, 2018 5:57:29 PM EDT Stefan Berger wrote:
> Should some of the fields from INTEGRITY_PCR also appear in
> INTEGRITY_RULE? If so, which ones?
> >>>
> >>> pid, uid, auid, tty, session, subj, comm, exe, res. <- these are
> >>> required to be searchable
> >>>
> We
On 2018-05-21 17:57, Stefan Berger wrote:
> On 05/21/2018 02:30 PM, Steve Grubb wrote:
> > Hello Stefan,
> >
> > On Monday, May 21, 2018 1:53:04 PM EDT Stefan Berger wrote:
> > > On 05/21/2018 12:58 PM, Steve Grubb wrote:
> > > > On Thursday, May 17, 2018 10:18:13 AM EDT Stefan Berger wrote:
> >
On 05/21/2018 02:30 PM, Steve Grubb wrote:
Hello Stefan,
On Monday, May 21, 2018 1:53:04 PM EDT Stefan Berger wrote:
On 05/21/2018 12:58 PM, Steve Grubb wrote:
On Thursday, May 17, 2018 10:18:13 AM EDT Stefan Berger wrote:
audit_log_container_info() then releasing the local context. This
Hello Stefan,
On Monday, May 21, 2018 2:04:08 PM EDT Stefan Berger wrote:
> On 05/21/2018 01:21 PM, Steve Grubb wrote:
> > On Friday, May 18, 2018 12:34:24 PM EDT Mimi Zohar wrote:
> >> On Fri, 2018-05-18 at 11:56 -0400, Richard Guy Briggs wrote:
> >>> On 2018-05-18 10:39, Mimi Zohar wrote:
>
Hello Stefan,
On Monday, May 21, 2018 1:53:04 PM EDT Stefan Berger wrote:
> On 05/21/2018 12:58 PM, Steve Grubb wrote:
> > On Thursday, May 17, 2018 10:18:13 AM EDT Stefan Berger wrote:
> >>> audit_log_container_info() then releasing the local context. This
> >>> version of the record has
On 05/21/2018 01:21 PM, Steve Grubb wrote:
On Friday, May 18, 2018 12:34:24 PM EDT Mimi Zohar wrote:
On Fri, 2018-05-18 at 11:56 -0400, Richard Guy Briggs wrote:
On 2018-05-18 10:39, Mimi Zohar wrote:
On Fri, 2018-05-18 at 09:54 -0400, Stefan Berger wrote:
On 05/18/2018 08:53 AM, Mimi Zohar
On 05/21/2018 12:58 PM, Steve Grubb wrote:
On Thursday, May 17, 2018 10:18:13 AM EDT Stefan Berger wrote:
audit_log_container_info() then releasing the local context. This
version of the record has additional concerns covered here:
https://github.com/linux-audit/audit-kernel/issues/52
On Friday, May 18, 2018 12:34:24 PM EDT Mimi Zohar wrote:
> On Fri, 2018-05-18 at 11:56 -0400, Richard Guy Briggs wrote:
> > On 2018-05-18 10:39, Mimi Zohar wrote:
> > > On Fri, 2018-05-18 at 09:54 -0400, Stefan Berger wrote:
> > > > On 05/18/2018 08:53 AM, Mimi Zohar wrote:
> > > [..]
> > >
> >
On Thursday, May 17, 2018 10:18:13 AM EDT Stefan Berger wrote:
> > audit_log_container_info() then releasing the local context. This
> > version of the record has additional concerns covered here:
> > https://github.com/linux-audit/audit-kernel/issues/52
>
> Following the discussion there and
On 2018-05-18 12:49, Stefan Berger wrote:
> On 05/18/2018 11:45 AM, Richard Guy Briggs wrote:
> > On 2018-05-18 07:49, Stefan Berger wrote:
> > > On 05/17/2018 05:30 PM, Richard Guy Briggs wrote:
> > > > On 2018-05-17 10:18, Stefan Berger wrote:
> > > > > On 03/08/2018 06:21 AM, Richard Guy Briggs
On 2018-05-18 12:34, Mimi Zohar wrote:
> On Fri, 2018-05-18 at 11:56 -0400, Richard Guy Briggs wrote:
> > On 2018-05-18 10:39, Mimi Zohar wrote:
> > > On Fri, 2018-05-18 at 09:54 -0400, Stefan Berger wrote:
> > > > On 05/18/2018 08:53 AM, Mimi Zohar wrote:
> > >
> > > [..]
> > >
> > > > If
On 05/18/2018 11:45 AM, Richard Guy Briggs wrote:
On 2018-05-18 07:49, Stefan Berger wrote:
On 05/17/2018 05:30 PM, Richard Guy Briggs wrote:
On 2018-05-17 10:18, Stefan Berger wrote:
On 03/08/2018 06:21 AM, Richard Guy Briggs wrote:
On 2018-03-05 09:24, Mimi Zohar wrote:
On Mon, 2018-03-05
On Fri, 2018-05-18 at 11:56 -0400, Richard Guy Briggs wrote:
> On 2018-05-18 10:39, Mimi Zohar wrote:
> > On Fri, 2018-05-18 at 09:54 -0400, Stefan Berger wrote:
> > > On 05/18/2018 08:53 AM, Mimi Zohar wrote:
> >
> > [..]
> >
> > > If so, which ones? We could probably refactor the current
On 2018-05-18 10:52, Stefan Berger wrote:
> On 05/18/2018 10:39 AM, Mimi Zohar wrote:
> > On Fri, 2018-05-18 at 09:54 -0400, Stefan Berger wrote:
> > > On 05/18/2018 08:53 AM, Mimi Zohar wrote:
> > [..]
> >
> > > > > > > If so, which ones? We could probably refactor the current
> > > > > > >
On 2018-05-18 10:39, Mimi Zohar wrote:
> On Fri, 2018-05-18 at 09:54 -0400, Stefan Berger wrote:
> > On 05/18/2018 08:53 AM, Mimi Zohar wrote:
>
> [..]
>
> > If so, which ones? We could probably refactor the current
> > integrity_audit_message() and have ima_parse_rule() call into it
On 2018-05-18 08:53, Mimi Zohar wrote:
> On Fri, 2018-05-18 at 07:49 -0400, Stefan Berger wrote:
> > On 05/17/2018 05:30 PM, Richard Guy Briggs wrote:
>
> [...]
>
> > >>> auxiliary record either by being converted to a syscall auxiliary record
> > >>> by using current->audit_context rather than
On 2018-05-18 07:49, Stefan Berger wrote:
> On 05/17/2018 05:30 PM, Richard Guy Briggs wrote:
> > On 2018-05-17 10:18, Stefan Berger wrote:
> > > On 03/08/2018 06:21 AM, Richard Guy Briggs wrote:
> > > > On 2018-03-05 09:24, Mimi Zohar wrote:
> > > > > On Mon, 2018-03-05 at 08:50 -0500, Richard
On 05/18/2018 10:39 AM, Mimi Zohar wrote:
On Fri, 2018-05-18 at 09:54 -0400, Stefan Berger wrote:
On 05/18/2018 08:53 AM, Mimi Zohar wrote:
[..]
If so, which ones? We could probably refactor the current
integrity_audit_message() and have ima_parse_rule() call into it to get
those fields as
On Fri, 2018-05-18 at 09:54 -0400, Stefan Berger wrote:
> On 05/18/2018 08:53 AM, Mimi Zohar wrote:
[..]
> If so, which ones? We could probably refactor the current
> integrity_audit_message() and have ima_parse_rule() call into it to get
> those fields as well. I suppose adding
On 05/18/2018 08:53 AM, Mimi Zohar wrote:
On Fri, 2018-05-18 at 07:49 -0400, Stefan Berger wrote:
On 05/17/2018 05:30 PM, Richard Guy Briggs wrote:
[...]
auxiliary record either by being converted to a syscall auxiliary record
by using current->audit_context rather than NULL when calling
On Fri, 2018-05-18 at 07:49 -0400, Stefan Berger wrote:
> On 05/17/2018 05:30 PM, Richard Guy Briggs wrote:
[...]
> >>> auxiliary record either by being converted to a syscall auxiliary record
> >>> by using current->audit_context rather than NULL when calling
> >>> audit_log_start(), or
On 05/17/2018 05:30 PM, Richard Guy Briggs wrote:
On 2018-05-17 10:18, Stefan Berger wrote:
On 03/08/2018 06:21 AM, Richard Guy Briggs wrote:
On 2018-03-05 09:24, Mimi Zohar wrote:
On Mon, 2018-03-05 at 08:50 -0500, Richard Guy Briggs wrote:
On 2018-03-05 08:43, Mimi Zohar wrote:
Hi
On 2018-05-17 10:18, Stefan Berger wrote:
> On 03/08/2018 06:21 AM, Richard Guy Briggs wrote:
> > On 2018-03-05 09:24, Mimi Zohar wrote:
> > > On Mon, 2018-03-05 at 08:50 -0500, Richard Guy Briggs wrote:
> > > > On 2018-03-05 08:43, Mimi Zohar wrote:
> > > > > Hi Richard,
> > > > >
> > > > > This
On 03/08/2018 06:21 AM, Richard Guy Briggs wrote:
On 2018-03-05 09:24, Mimi Zohar wrote:
On Mon, 2018-03-05 at 08:50 -0500, Richard Guy Briggs wrote:
On 2018-03-05 08:43, Mimi Zohar wrote:
Hi Richard,
This patch has been compiled, but not runtime tested.
Ok, great, thank you. I assume you
On 2018-03-08 13:02, Mimi Zohar wrote:
> On Thu, 2018-03-08 at 06:21 -0500, Richard Guy Briggs wrote:
> > On 2018-03-05 09:24, Mimi Zohar wrote:
> > > On Mon, 2018-03-05 at 08:50 -0500, Richard Guy Briggs wrote:
> > > > On 2018-03-05 08:43, Mimi Zohar wrote:
> > > > > Hi Richard,
> > > > >
> > >
On Thu, 2018-03-08 at 06:21 -0500, Richard Guy Briggs wrote:
> On 2018-03-05 09:24, Mimi Zohar wrote:
> > On Mon, 2018-03-05 at 08:50 -0500, Richard Guy Briggs wrote:
> > > On 2018-03-05 08:43, Mimi Zohar wrote:
> > > > Hi Richard,
> > > >
> > > > This patch has been compiled, but not runtime
On 2018-03-05 09:24, Mimi Zohar wrote:
> On Mon, 2018-03-05 at 08:50 -0500, Richard Guy Briggs wrote:
> > On 2018-03-05 08:43, Mimi Zohar wrote:
> > > Hi Richard,
> > >
> > > This patch has been compiled, but not runtime tested.
> >
> > Ok, great, thank you. I assume you are offering this patch
On Mon, 2018-03-05 at 08:50 -0500, Richard Guy Briggs wrote:
> On 2018-03-05 08:43, Mimi Zohar wrote:
> > Hi Richard,
> >
> > This patch has been compiled, but not runtime tested.
>
> Ok, great, thank you. I assume you are offering this patch to be
> included in this patchset?
Yes, thank you.
On 2018-03-05 08:43, Mimi Zohar wrote:
> Hi Richard,
>
> This patch has been compiled, but not runtime tested.
Ok, great, thank you. I assume you are offering this patch to be
included in this patchset? I'll have a look to see where it fits in the
IMA record. It might be better if it were an
Hi Richard,
This patch has been compiled, but not runtime tested.
---
If the containerid is defined, include it in the IMA-audit record.
Signed-off-by: Mimi Zohar
---
security/integrity/ima/ima_api.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/security/integrity/ima/ima_api.c
62 matches