* [PATCH] selinux: remove AVC init audit log message
@ 2017-07-28  7:23 ` Richard Guy Briggs
  0 siblings, 0 replies; 15+ messages in thread
From: Richard Guy Briggs @ 2017-07-28  7:23 UTC (permalink / raw)
  To: SElinux list, linux-audit
  Cc: Richard Guy Briggs, Stephen Smalley, Eric Paris, Paul Moore, Steve Grubb

In the process of normalizing audit log messages, it was noticed that the AVC
initialization code registered an audit log KERNEL record that didn't fit the
standard format.  In the process of attempting to normalize it it was
determined that this record was not even necessary.  Remove it.

Ref: http://marc.info/?l=selinux&m=149614868525826&w=2
See: https://github.com/linux-audit/audit-kernel/issues/48
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
---
 security/selinux/avc.c |    2 --
 1 files changed, 0 insertions(+), 2 deletions(-)

diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index e60c79d..4b42931 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -197,8 +197,6 @@ void __init avc_init(void)
 	avc_xperms_data_cachep = kmem_cache_create("avc_xperms_data",
 					sizeof(struct extended_perms_data),
 					0, SLAB_PANIC, NULL);
-
-	audit_log(current->audit_context, GFP_KERNEL, AUDIT_KERNEL, "AVC INITIALIZED\n");
 }
 
 int avc_get_hash_stats(char *page)
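
Review bot: the changelog says the record "was not even necessary" but never says why, and that reason is what a reader needs to judge the two deleted lines at the end of avc_init(). The removed call, audit_log(current->audit_context, GFP_KERNEL, AUDIT_KERNEL, "AVC INITIALIZED\n"), is the only audit call in this hunk and carries nothing beyond a fixed string, so please state that in the commit message and name the records consumers should rely on instead, so anyone matching on "AVC INITIALIZED" in logs or tests knows what to switch to. Pointing at the Ref: link alone leaves the rationale outside the git history.
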
-- 
1.7.1

^ permalink raw reply related	[flat|nested] 15+ messages in thread

* Re: [PATCH] selinux: remove AVC init audit log message
@ 2017-07-28 13:06   ` Stephen Smalley
  0 siblings, 0 replies; 15+ messages in thread
From: Stephen Smalley @ 2017-07-28 13:06 UTC (permalink / raw)
  To: Richard Guy Briggs, SElinux list, linux-audit; +Cc: Steve Grubb, Eric Paris

On Fri, 2017-07-28 at 03:23 -0400, Richard Guy Briggs wrote:
> In the process of normalizing audit log messages, it was noticed that the AVC
> initialization code registered an audit log KERNEL record that didn't fit the
> standard format.  In the process of attempting to normalize it it was
> determined that this record was not even necessary.  Remove it.
> 
> Ref: http://marc.info/?l=selinux&m=149614868525826&w=2
> See: https://github.com/linux-audit/audit-kernel/issues/48
> Signed-off-by: Richard Guy Briggs <rgb@redhat.com>

Acked-by: Stephen Smalley <sds@tycho.nsa.gov>

> ---
>  security/selinux/avc.c |    2 --
>  1 files changed, 0 insertions(+), 2 deletions(-)
> 
> diff --git a/security/selinux/avc.c b/security/selinux/avc.c
> index e60c79d..4b42931 100644
> --- a/security/selinux/avc.c
> +++ b/security/selinux/avc.c
> @@ -197,8 +197,6 @@ void __init avc_init(void)
>  	avc_xperms_data_cachep =
> kmem_cache_create("avc_xperms_data",
>  					sizeof(struct
> extended_perms_data),
>  					0, SLAB_PANIC, NULL);
> -
> -	audit_log(current->audit_context, GFP_KERNEL, AUDIT_KERNEL,
> "AVC INITIALIZED\n");
>  }
>  
>  int avc_get_hash_stats(char *page)

^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: [PATCH] selinux: remove AVC init audit log message
  2017-07-28  7:23 ` Richard Guy Briggs
@ 2017-07-28 13:11   ` Steve Grubb
  -1 siblings, 0 replies; 15+ messages in thread
From: Steve Grubb @ 2017-07-28 13:11 UTC (permalink / raw)
  To: Richard Guy Briggs
  Cc: SElinux list, linux-audit, Stephen Smalley, Eric Paris, Paul Moore

On Friday, July 28, 2017 3:23:31 AM EDT Richard Guy Briggs wrote:
> In the process of normalizing audit log messages, it was noticed that the
> AVC initialization code registered an audit log KERNEL record that didn't
> fit the standard format.  In the process of attempting to normalize it it
> was determined that this record was not even necessary.  Remove it.

Actually, I'd probably go the other direction. I'd make it useful. How about an
AUDIT_MAC_INIT record that records name of MAC framework, status
(enabled/disabled), and enforcing mode (enforcing/permissive). This way if
there is an investigation that needs to know the initial system state, we have
that information preserved. There might be one or two other tidbits people
might want to know like policy version or number of overrides (booleans)
deviating from policy baseline. But I'd say that's nice to have and not
mandatory.

I'm pretty sure that was the intent of the event and it's probably to satisfy
one of the FMT_MSA.3 common criteria requirements about initial subject/object
security attribute association.

-Steve

> Ref: http://marc.info/?l=selinux&m=149614868525826&w=2
> See: https://github.com/linux-audit/audit-kernel/issues/48
> Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
> ---
>  security/selinux/avc.c |    2 --
>  1 files changed, 0 insertions(+), 2 deletions(-)
> 
> diff --git a/security/selinux/avc.c b/security/selinux/avc.c
> index e60c79d..4b42931 100644
> --- a/security/selinux/avc.c
> +++ b/security/selinux/avc.c
> @@ -197,8 +197,6 @@ void __init avc_init(void)
>  	avc_xperms_data_cachep = kmem_cache_create("avc_xperms_data",
>  					sizeof(struct extended_perms_data),
>  					0, SLAB_PANIC, NULL);
> -
> -	audit_log(current->audit_context, GFP_KERNEL, AUDIT_KERNEL, "AVC
> INITIALIZED\n"); }
> 
>  int avc_get_hash_stats(char *page)

^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: [PATCH] selinux: remove AVC init audit log message
  2017-07-28 13:11   ` Steve Grubb
@ 2017-07-28 13:37     ` Stephen Smalley
  -1 siblings, 0 replies; 15+ messages in thread
From: Stephen Smalley @ 2017-07-28 13:37 UTC (permalink / raw)
  To: Steve Grubb, Richard Guy Briggs; +Cc: linux-audit, Eric Paris, SElinux list

On Fri, 2017-07-28 at 09:11 -0400, Steve Grubb wrote:
> On Friday, July 28, 2017 3:23:31 AM EDT Richard Guy Briggs wrote:
> > In the process of normalizing audit log messages, it was noticed that the
> > AVC initialization code registered an audit log KERNEL record that didn't
> > fit the standard format.  In the process of attempting to normalize it it
> > was determined that this record was not even necessary.  Remove it.
> 
> Actually, I'd probably go the other direction. I'd make it useful. How about
> an AUDIT_MAC_INIT record that records name of MAC framework, status
> (enabled/disabled), and enforcing mode (enforcing/permissive). This way if
> there is an investigation that needs to know the initial system state, we
> have that information preserved. There might be one or two other tidbits
> people might want to know like policy version or number of overrides
> (booleans) deviating from policy baseline. But I'd say that's nice to have
> and not mandatory.
> 
> I'm pretty sure that was the intent of the event and it's probably to satisfy
> one of the FMT_MSA.3 common criteria requirements about initial
> subject/object security attribute association.

None of that is known in avc_init().  Aren't you already getting what
you need from AUDIT_MAC_STATUS and AUDIT_MAC_POLICY_LOAD?

> 
> -Steve
> 
> > Ref: http://marc.info/?l=selinux&m=149614868525826&w=2
> > See: https://github.com/linux-audit/audit-kernel/issues/48
> > Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
> > ---
> >  security/selinux/avc.c |    2 --
> >  1 files changed, 0 insertions(+), 2 deletions(-)
> > 
> > diff --git a/security/selinux/avc.c b/security/selinux/avc.c
> > index e60c79d..4b42931 100644
> > --- a/security/selinux/avc.c
> > +++ b/security/selinux/avc.c
> > @@ -197,8 +197,6 @@ void __init avc_init(void)
> >  	avc_xperms_data_cachep =
> > kmem_cache_create("avc_xperms_data",
> >  					sizeof(struct
> > extended_perms_data),
> >  					0, SLAB_PANIC, NULL);
> > -
> > -	audit_log(current->audit_context, GFP_KERNEL,
> > AUDIT_KERNEL, "AVC
> > INITIALIZED\n"); }
> > 
> >  int avc_get_hash_stats(char *page)
> 
> 

^ permalink raw reply	[flat|nested] 15+ messages in thread
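
The two record types named in the reply above can be read back from a raw audit log to recover the initial state the earlier message asks about. This is an added example, not code from the thread or from the audit project; the sample lines are constructed, and both the key=value layout (enforcing=, old_enforcing=, auid=, ses=) and the treatment of an unset auid as boot-time activity are assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input, not captured from a real host. Field layout is an
# assumption (see lead-in); other record types and junk lines must be skipped.
SAMPLE_LOG = """\
type=MAC_POLICY_LOAD msg=audit(1501226611.204:2): policy loaded auid=4294967295 ses=4294967295
type=MAC_STATUS msg=audit(1501226611.310:3): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295
type=SYSCALL msg=audit(1501226700.001:41): arch=c000003e syscall=1 success=yes exit=1
type=MAC_STATUS msg=audit(1501230000.500:88): enforcing=0 old_enforcing=1 auid=1000 ses=4
type=MAC_POLICY_LOAD msg=audit(1501230100.120:91): policy loaded auid=1000 ses=4
truncated or corrupt line
"""

RECORD = re.compile(
    r"^type=(?P<type>\S+) msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): (?P<body>.*)$"
)
FIELD = re.compile(r"(\w+)=(\S+)")
MAC_TYPES = ("MAC_STATUS", "MAC_POLICY_LOAD")
UNSET_AUID = 4294967295  # (u32)-1: no login uid attached to the task


@dataclass
class MacEvent:
    ts: float
    serial: int
    kind: str
    auid: int
    enforcing: Optional[int]  # only MAC_STATUS carries it


def parse_mac_events(text: str) -> List[MacEvent]:
    """Extract MAC_STATUS / MAC_POLICY_LOAD records, ordered by (time, serial)."""
    events = []
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if m is None or m["type"] not in MAC_TYPES:
            continue
        fields = dict(FIELD.findall(m["body"]))
        try:
            auid = int(fields.get("auid", UNSET_AUID))
            enforcing = int(fields["enforcing"]) if m["type"] == "MAC_STATUS" else None
        except (KeyError, ValueError):
            continue  # malformed record: skip rather than guess
        events.append(MacEvent(float(m["ts"]), int(m["serial"]), m["type"], auid, enforcing))
    return sorted(events, key=lambda e: (e.ts, e.serial))


def initial_state(events: List[MacEvent]) -> dict:
    """State reached before the first event attributed to a login session.

    Assumption: events with an unset auid come from boot-time setup.
    """
    state = {"policy_loaded_at": None, "enforcing": None}
    for e in events:
        if e.auid != UNSET_AUID:
            break
        if e.kind == "MAC_POLICY_LOAD":
            if state["policy_loaded_at"] is None:
                state["policy_loaded_at"] = e.ts
        else:
            state["enforcing"] = e.enforcing
    return state


def session_changes(events: List[MacEvent]) -> List[tuple]:
    """Mode switches and policy reloads made from a login session (auid set)."""
    return [(e.serial, e.kind, e.auid, e.enforcing) for e in events if e.auid != UNSET_AUID]


if __name__ == "__main__":
    evs = parse_mac_events(SAMPLE_LOG)
    print("initial:", initial_state(evs))
    for change in session_changes(evs):
        print("changed:", change)
```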

* Re: [PATCH] selinux: remove AVC init audit log message
  2017-07-28 13:06   ` Stephen Smalley
@ 2017-07-28 14:13     ` Steve Grubb
  -1 siblings, 0 replies; 15+ messages in thread
From: Steve Grubb @ 2017-07-28 14:13 UTC (permalink / raw)
  To: Stephen Smalley; +Cc: Richard Guy Briggs, SElinux list, linux-audit, Eric Paris

On Friday, July 28, 2017 9:06:34 AM EDT Stephen Smalley wrote:
> On Fri, 2017-07-28 at 03:23 -0400, Richard Guy Briggs wrote:
> > In the process of normalizing audit log messages, it was noticed that the AVC
> > initialization code registered an audit log KERNEL record that didn't fit the
> > standard format.  In the process of attempting to normalize it it was
> > determined that this record was not even necessary.  Remove it.
> > 
> > Ref: http://marc.info/?l=selinux&m=149614868525826&w=2
> > See: https://github.com/linux-audit/audit-kernel/issues/48
> > Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
> 
> Acked-by: Stephen Smalley <sds@tycho.nsa.gov>

Yeah, I guess it can be deleted.

Acked-by: Steve Grubb <sgrubb@redhat.com>

> > ---
> >  security/selinux/avc.c |    2 --
> >  1 files changed, 0 insertions(+), 2 deletions(-)
> > 
> > diff --git a/security/selinux/avc.c b/security/selinux/avc.c
> > index e60c79d..4b42931 100644
> > --- a/security/selinux/avc.c
> > +++ b/security/selinux/avc.c
> > @@ -197,8 +197,6 @@ void __init avc_init(void)
> >  	avc_xperms_data_cachep =
> > kmem_cache_create("avc_xperms_data",
> >  					sizeof(struct
> > extended_perms_data),
> >  					0, SLAB_PANIC, NULL);
> > -
> > -	audit_log(current->audit_context, GFP_KERNEL, AUDIT_KERNEL,
> > "AVC INITIALIZED\n");
> >  }
> >  
> >  int avc_get_hash_stats(char *page)

^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: [PATCH] selinux: remove AVC init audit log message
  2017-07-28  7:23 ` Richard Guy Briggs
@ 2017-07-28 22:47   ` Paul Moore
  -1 siblings, 0 replies; 15+ messages in thread
From: Paul Moore @ 2017-07-28 22:47 UTC (permalink / raw)
  To: Richard Guy Briggs; +Cc: SElinux list, linux-audit

On Fri, Jul 28, 2017 at 3:23 AM, Richard Guy Briggs <rgb@redhat.com> wrote:
> In the process of normalizing audit log messages, it was noticed that the AVC
> initialization code registered an audit log KERNEL record that didn't fit the
> standard format.  In the process of attempting to normalize it it was
> determined that this record was not even necessary.  Remove it.
>
> Ref: http://marc.info/?l=selinux&m=149614868525826&w=2
> See: https://github.com/linux-audit/audit-kernel/issues/48
> Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
> ---
>  security/selinux/avc.c |    2 --
>  1 files changed, 0 insertions(+), 2 deletions(-)

Merged, thanks.

-- 
paul moore
www.paul-moore.com

^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: [PATCH] selinux: remove AVC init audit log message
  2017-07-28 22:47   ` Paul Moore
  (?)
@ 2017-08-23  8:55   ` Richard Guy Briggs
  2017-08-23 12:41     ` Paul Moore
  -1 siblings, 1 reply; 15+ messages in thread
From: Richard Guy Briggs @ 2017-08-23  8:55 UTC (permalink / raw)
  To: Paul Moore; +Cc: linux-audit, SElinux list

On 2017-07-28 18:47, Paul Moore wrote:
> On Fri, Jul 28, 2017 at 3:23 AM, Richard Guy Briggs <rgb@redhat.com> wrote:
> > In the process of normalizing audit log messages, it was noticed that the AVC
> > initialization code registered an audit log KERNEL record that didn't fit the
> > standard format.  In the process of attempting to normalize it it was
> > determined that this record was not even necessary.  Remove it.
> >
> > Ref: http://marc.info/?l=selinux&m=149614868525826&w=2
> > See: https://github.com/linux-audit/audit-kernel/issues/48
> > Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
> > ---
> >  security/selinux/avc.c |    2 --
> >  1 files changed, 0 insertions(+), 2 deletions(-)
> 
> Merged, thanks.

Where has this been merged?  I'm not able to find it in linux-2.6,
selinux/next or pcmoore-audit/next

> paul moore

- RGB

--
Richard Guy Briggs <rgb@redhat.com>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635

^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: [PATCH] selinux: remove AVC init audit log message
  2017-08-23  8:55   ` Richard Guy Briggs
@ 2017-08-23 12:41     ` Paul Moore
  2017-08-23 14:52       ` Richard Guy Briggs
  0 siblings, 1 reply; 15+ messages in thread
From: Paul Moore @ 2017-08-23 12:41 UTC (permalink / raw)
  To: Richard Guy Briggs; +Cc: linux-audit, SElinux list

On Wed, Aug 23, 2017 at 4:55 AM, Richard Guy Briggs <rgb@redhat.com> wrote:
> On 2017-07-28 18:47, Paul Moore wrote:
>> On Fri, Jul 28, 2017 at 3:23 AM, Richard Guy Briggs <rgb@redhat.com> wrote:
>> > In the process of normalizing audit log messages, it was noticed that the AVC
>> > initialization code registered an audit log KERNEL record that didn't fit the
>> > standard format.  In the process of attempting to normalize it it was
>> > determined that this record was not even necessary.  Remove it.
>> >
>> > Ref: http://marc.info/?l=selinux&m=149614868525826&w=2
>> > See: https://github.com/linux-audit/audit-kernel/issues/48
>> > Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
>> > ---
>> >  security/selinux/avc.c |    2 --
>> >  1 files changed, 0 insertions(+), 2 deletions(-)
>>
>> Merged, thanks.
>
> Where has this been merged?  I'm not able to find it in linux-2.6,
> selinux/next or pcmoore-audit/next

I have no idea what you mean by pcmoore-audit/next, that isn't the
official audit repository or a mirror, but it has been merged into the
audit/next branch and is present in both the official audit repo on
kernel.org as well as the https://github.com/linux-audit/audit-kernel
mirror on GitHub.

 commit 739bde1f22292d76a179d4cbe29fc7bae86ef5e4
 Author: Richard Guy Briggs <rgb@redhat.com>
 Date:   Fri Jul 28 03:23:31 2017 -0400

   selinux: remove AVC init audit log message

   In the process of normalizing audit log messages, it was noticed that the AVC
   initialization code registered an audit log KERNEL record that didn't fit the
   standard format.  In the process of attempting to normalize it it was
   determined that this record was not even necessary.  Remove it.

   Ref: http://marc.info/?l=selinux&m=149614868525826&w=2
   See: https://github.com/linux-audit/audit-kernel/issues/48
   Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
   Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
   Acked-by: Steve Grubb <sgrubb@redhat.com>
   Signed-off-by: Paul Moore <paul@paul-moore.com>

-- 
paul moore
www.paul-moore.com

^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: [PATCH] selinux: remove AVC init audit log message
  2017-08-23 12:41     ` Paul Moore
@ 2017-08-23 14:52       ` Richard Guy Briggs
  0 siblings, 0 replies; 15+ messages in thread
From: Richard Guy Briggs @ 2017-08-23 14:52 UTC (permalink / raw)
  To: Paul Moore; +Cc: linux-audit, SElinux list

On 2017-08-23 08:41, Paul Moore wrote:
> On Wed, Aug 23, 2017 at 4:55 AM, Richard Guy Briggs <rgb@redhat.com> wrote:
> > On 2017-07-28 18:47, Paul Moore wrote:
> >> On Fri, Jul 28, 2017 at 3:23 AM, Richard Guy Briggs <rgb@redhat.com> wrote:
> >> > In the process of normalizing audit log messages, it was noticed that the AVC
> >> > initialization code registered an audit log KERNEL record that didn't fit the
> >> > standard format.  In the process of attempting to normalize it it was
> >> > determined that this record was not even necessary.  Remove it.
> >> >
> >> > Ref: http://marc.info/?l=selinux&m=149614868525826&w=2
> >> > See: https://github.com/linux-audit/audit-kernel/issues/48
> >> > Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
> >> > ---
> >> >  security/selinux/avc.c |    2 --
> >> >  1 files changed, 0 insertions(+), 2 deletions(-)
> >>
> >> Merged, thanks.
> >
> > Where has this been merged?  I'm not able to find it in linux-2.6,
> > selinux/next or pcmoore-audit/next
> 
> I have no idea what you mean by pcmoore-audit/next, that isn't the
> official audit repository or a mirror, but it has been merged into the
> audit/next branch and is present in both the official audit repo on
> kernel.org as well as the https://github.com/linux-audit/audit-kernel
> mirror on GitHub.

My bad.  I forgot to update my git remote references from
infradead...pcmoore/audit to kernel.org...pcmoore/audit

I now see it is in pcmoore-audit/next and linux-next/master.

Sorry for the noise.

>  commit 739bde1f22292d76a179d4cbe29fc7bae86ef5e4
>  Author: Richard Guy Briggs <rgb@redhat.com>
>  Date:   Fri Jul 28 03:23:31 2017 -0400
> 
>    selinux: remove AVC init audit log message
> 
>    In the process of normalizing audit log messages, it was noticed that the AVC
>    initialization code registered an audit log KERNEL record that didn't fit the
>    standard format.  In the process of attempting to normalize it it was
>    determined that this record was not even necessary.  Remove it.
> 
>    Ref: http://marc.info/?l=selinux&m=149614868525826&w=2
>    See: https://github.com/linux-audit/audit-kernel/issues/48
>    Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
>    Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
>    Acked-by: Steve Grubb <sgrubb@redhat.com>
>    Signed-off-by: Paul Moore <paul@paul-moore.com>
> 
> paul moore

- RGB

--
Richard Guy Briggs <rgb@redhat.com>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635

^ permalink raw reply	[flat|nested] 15+ messages in thread
