From: Stefan Berger <stefanb@linux.vnet.ibm.com>
To: zohar@linux.vnet.ibm.com, paul@paul-moore.com,
linux-integrity@vger.kernel.org, linux-audit@redhat.com
Cc: sgrubb@redhat.com, linux-kernel@vger.kernel.org,
Stefan Berger <stefanb@linux.vnet.ibm.com>
Subject: [PATCH v3 0/4] IMA: work on audit records produced by IMA
Date: Mon, 4 Jun 2018 16:54:51 -0400 [thread overview]
Message-ID: <20180604205455.2325754-1-stefanb@linux.vnet.ibm.com> (raw)
This series of patches cleans up some usages of the audit
subsystem's API by IMA. We also introduce a new record type
that IMA creates while parsing policy rules.
Stefan
v2->v3:
- reworked patch 4; pass current->audit_context rather than NULL
v1->v2:
- dropped several patches that extended existing messages with missing
fields
- Using audit_log_task_info() for new record type in last patch
- rebased on security-next; new message type is now 1807
Stefan Berger (4):
ima: Call audit_log_string() rather than logging it untrusted
ima: Use audit_log_format() rather than audit_log_string()
ima: Do not audit if CONFIG_INTEGRITY_AUDIT is not set
ima: Differentiate auditing policy rules from "audit" actions
include/uapi/linux/audit.h | 1 +
security/integrity/ima/Kconfig | 1 +
security/integrity/ima/ima_policy.c | 9 ++++++---
security/integrity/integrity.h | 15 +++++++++++++++
security/integrity/integrity_audit.c | 6 +-----
5 files changed, 24 insertions(+), 8 deletions(-)
--
2.13.6
next reply other threads:[~2018-06-04 20:55 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-04 20:54 Stefan Berger [this message]
2018-06-04 20:54 ` [PATCH v3 1/4] ima: Call audit_log_string() rather than logging it untrusted Stefan Berger
2018-06-04 20:54 ` [PATCH v3 2/4] ima: Use audit_log_format() rather than audit_log_string() Stefan Berger
2018-06-04 20:54 ` [PATCH v3 3/4] ima: Do not audit if CONFIG_INTEGRITY_AUDIT is not set Stefan Berger
2018-06-05 0:16 ` Paul Moore
2018-06-04 20:54 ` [PATCH v3 4/4] ima: Differentiate auditing policy rules from "audit" actions Stefan Berger
2018-06-05 0:21 ` Paul Moore
2018-06-05 14:15 ` Mimi Zohar
2018-06-05 14:15 ` Mimi Zohar
2018-06-05 22:18 ` Paul Moore
2018-06-06 14:52 ` Mimi Zohar
2018-06-06 14:52 ` Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180604205455.2325754-1-stefanb@linux.vnet.ibm.com \
--to=stefanb@linux.vnet.ibm.com \
--cc=linux-audit@redhat.com \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=sgrubb@redhat.com \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.