On Sat, 2017-12-09 at 10:28 -0800, Casey Schaufler wrote:
> On 12/9/2017 2:20 AM, Mickaël Salaün wrote:
> > What about automatically creating
> > and assigning an ID to a process when it enters a namespace different
> > than
> > one of its parent process? This delegates the (permission)
> >
On Fri, 2017-01-13 at 10:06 -0500, Richard Guy Briggs wrote:
> On 2017-01-13 09:42, Eric Paris wrote:
> > On Fri, 2017-01-13 at 04:51 -0500, Richard Guy Briggs wrote:
> > > diff --git a/include/linux/audit.h b/include/linux/audit.h
> > > index 9d4443f..43d8003 10064
On Fri, 2017-01-13 at 04:51 -0500, Richard Guy Briggs wrote:
> 32-bit socketcalls were not being logged by audit on x86_64 systems.
> Log them. This is basically a duplicate of the call from
> net/socket.c:sys_socketcall(), but it addresses the impedance
> mismatch
> between 32-bit userspace
On Fri, 2007-12-07 at 14:57 -0500, Paul Moore wrote:
NOTE: This really is an RFC patch, it compiles and boots but that is pretty
much all I can promise at this point. I'm posting this patch to gather
feedback from the audit crowd about the continued overloading of
the
record are being displayed in
network byte order, probably not what was intended
* Proper spacing around commas in function arguments
Minor style tweak since I was already touching the code
Signed-off-by: Paul Moore [EMAIL PROTECTED]
Acked-by: Eric Paris [EMAIL PROTECTED]
although
networking but that
same process should not be able to delete other entries or flush the
entire database.
WAS Signed-off-by: Signed-off-by: Joy Latten[EMAIL PROTECTED] NOT NOW
WAS Acked-by: James Morris [EMAIL PROTECTED] NOT NOW
WAS Acked-by: Eric Paris [EMAIL PROTECTED] NOT NOW
---
include/net
On Wed, 2007-03-28 at 12:20 -0400, James Morris wrote:
On Wed, 28 Mar 2007, Joy Latten wrote:
Eric, sorry as I know you already patched lspp kernel
for testing.
I think it'd be better to have the lspp kernel join the upstream workflow
process, rather than being a shortcut into RHEL.
On Mon, 2007-03-26 at 13:39 -0600, Joy Latten wrote:
+ if ((err = security_xfrm_policy_delete(pol)) != 0) {
+ xfrm_audit_log(audit_info-loginuid,
+audit_info-secid,
+
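Review bot: the added `if ((err = security_xfrm_policy_delete(pol)) != 0)` assigns and tests in one expression. Kernel style prefers `err = security_xfrm_policy_delete(pol);` followed by `if (err)`, which also makes it plainer that the xfrm_audit_log() call below sits on the failure path.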
On Fri, 2007-03-23 at 16:58 -0600, Joy Latten wrote:
@@ -710,11 +713,20 @@ static struct xfrm_state *__find_acq_cor
switch (family) {
case AF_INET:
+ if (x-id.daddr.a4 == saddr-a4
+ x-props.saddr.a4 == daddr-a4)
+
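Review bot: in the AF_INET case the added condition tests x's id.daddr against saddr and props.saddr against daddr, the opposite pairing from the field names. If this reversed match is intended, a short comment above the `if` should say so, since as written it reads like a transposition.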
On Fri, 2007-03-23 at 10:33 -0600, Joy Latten wrote:
On Fri, 2007-03-23 at 01:39 -0400, Eric Paris wrote:
In either case though proper auditing needs to be addressed. I see that
the first patch from Joy wouldn't audit deletion failures. It appears
to me if the check is done per
On Fri, 2007-03-23 at 11:47 -0700, David Miller wrote:
From: James Morris [EMAIL PROTECTED]
Date: Fri, 23 Mar 2007 14:46:48 -0400 (EDT)
A 'flush' has a semantic implication that all entries will be removed, and
it should be atomic and either succeed or fail at that granularity.
On Thu, 2007-03-22 at 19:49 -0400, James Morris wrote:
On Thu, 22 Mar 2007, Joy Latten wrote:
I would look at this patch differently if there were some
security level key being checked for a match here, which is
an input key to the flush, but that is not what is happening
here as
On Fri, 2007-03-09 at 16:20 -0800, David Miller wrote:
From: Joy Latten [EMAIL PROTECTED]
Date: Fri, 9 Mar 2007 17:14:54 -0600
I noticed that in xfrm_state_add we look for the larval SA in a few
places without checking for protocol match. So when using both
AH and ESP, whichever one
On Wed, 2007-03-07 at 16:07 -0800, David Miller wrote:
From: David Miller [EMAIL PROTECTED]
Date: Wed, 07 Mar 2007 15:43:16 -0800 (PST)
From: Eric Paris [EMAIL PROTECTED]
Date: Fri, 02 Mar 2007 13:51:24 -0500
pfkey_spdget neither had an LSM security hook nor auditing
On Mon, 2007-03-05 at 11:39 -0500, James Morris wrote:
On Mon, 5 Mar 2007, Venkat Yekkirala wrote:
Signed-off-by: Eric Paris [EMAIL PROTECTED]
Acked-by: Venkat Yekkirala [EMAIL PROTECTED]
What about your previous comment:
I guess you meant to do this here?
else if (err
the
initialization would cause err to be ENOENT. But since err has since
been used above when we don't get a policy back from the xfrm_policy_by*
function we would always return 0 instead of the intended ENOENT. Also
fixed some white space damage in the same area.
Signed-off-by: Eric Paris [EMAIL PROTECTED
pfkey_spdget neither had an LSM security hook nor auditing for the
removal of xfrm_policy structs. The security hook was added when it was
moved into xfrm_policy_byid instead of the callers to that function by
my earlier patch and this patch adds the auditing hooks as well.
Signed-off-by: Eric
(and successes) will actually get audited.
Signed-off-by: Eric Paris [EMAIL PROTECTED]
net/key/af_key.c |5 ++---
net/xfrm/xfrm_user.c |5 ++---
2 files changed, 4 insertions(+), 6 deletions(-)
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 1c58204..d8fc88c 100644
--- a/net/key/af_key.c
On Tue, 2006-11-07 at 11:17 -0600, Venkat Yekkirala wrote:
int selinux_xfrm_policy_alloc(struct xfrm_policy *xp,
- struct xfrm_user_sec_ctx *uctx, struct sock *sk)
+ struct xfrm_user_sec_ctx *uctx)
{
int err;
- u32 sid;
- BUG_ON(!xp);
-
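Review bot: selinux_xfrm_policy_alloc() loses its `struct sock *sk` argument here and the `BUG_ON(!xp)` check is removed along with it. The changelog should state that every caller and the hook prototype are updated in the same patch, and whether a NULL xp is now impossible or merely unchecked.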
-by: Eric Paris [EMAIL PROTECTED]
bonding.txt |2 --
1 files changed, 2 deletions(-)
--- linux-2.6.14.2/Documentation/networking/bonding.txt.old 2006-01-06
11:47:31.0 -0500
+++ linux-2.6.14.2/Documentation/networking/bonding.txt 2006-01-06
11:49:18.0 -0500
@@ -944,7 +944,6
20 matches