From: Richard Guy Briggs <rgb@redhat.com>
To: Linux-Audit Mailing List <linux-audit@redhat.com>,
LKML <linux-kernel@vger.kernel.org>,
linux-fsdevel@vger.kernel.org
Cc: Paul Moore <paul@paul-moore.com>,
Eric Paris <eparis@parisplace.org>,
Steve Grubb <sgrubb@redhat.com>,
Richard Guy Briggs <rgb@redhat.com>,
Alexander Viro <viro@zeniv.linux.org.uk>,
Eric Paris <eparis@redhat.com>,
x86@kernel.org, linux-alpha@vger.kernel.org,
linux-ia64@vger.kernel.org, linux-parisc@vger.kernel.org,
linuxppc-dev@lists.ozlabs.org, linux-s390@vger.kernel.org,
sparclinux@vger.kernel.org, Aleksa Sarai <cyphar@cyphar.com>,
Arnd Bergmann <arnd@kernel.org>
Subject: [PATCH v3 0/3] audit: add support for openat2
Date: Fri, 30 Apr 2021 16:35:20 -0400 [thread overview]
Message-ID: <cover.1619811762.git.rgb@redhat.com> (raw)
The openat2(2) syscall was added in v5.6. Add support for openat2 to the
audit syscall classifier and for recording openat2 parameters that cannot
be captured in the syscall parameters of the SYSCALL record.
Supporting userspace code can be found in
https://github.com/rgbriggs/audit-userspace/tree/ghau-openat2
Supporting test case can be found in
https://github.com/linux-audit/audit-testsuite/pull/103
Changelog:
v3:
- re-add commit descriptions that somehow got dropped
- add new file to MAINTAINERS
v2:
- add include/linux/auditscm.h for audit syscall class macros due to syscall redefinition warnings:
arch/x86/ia32/audit.c:3:
./include/linux/audit.h:12,
./include/linux/sched.h:22,
./include/linux/seccomp.h:21,
./arch/x86/include/asm/seccomp.h:5,
./arch/x86/include/asm/unistd.h:20,
./arch/x86/include/generated/uapi/asm/unistd_64.h:4: warning: "__NR_read" redefined #define __NR_read 0
...
./arch/x86/include/generated/uapi/asm/unistd_64.h:338: warning: "__NR_rseq" redefined #define __NR_rseq 334
previous:
arch/x86/ia32/audit.c:2:
./arch/x86/include/generated/uapi/asm/unistd_32.h:7: note: this is the location of the previous definition #define __NR_read 3
...
./arch/x86/include/generated/uapi/asm/unistd_32.h:386: note: this is the location of the previous definition #define __NR_rseq 386
Richard Guy Briggs (3):
audit: replace magic audit syscall class numbers with macros
audit: add support for the openat2 syscall
audit: add OPENAT2 record to list how
MAINTAINERS | 1 +
arch/alpha/kernel/audit.c | 10 ++++++----
arch/ia64/kernel/audit.c | 10 ++++++----
arch/parisc/kernel/audit.c | 10 ++++++----
arch/parisc/kernel/compat_audit.c | 11 +++++++----
arch/powerpc/kernel/audit.c | 12 +++++++-----
arch/powerpc/kernel/compat_audit.c | 13 ++++++++-----
arch/s390/kernel/audit.c | 12 +++++++-----
arch/s390/kernel/compat_audit.c | 13 ++++++++-----
arch/sparc/kernel/audit.c | 12 +++++++-----
arch/sparc/kernel/compat_audit.c | 13 ++++++++-----
arch/x86/ia32/audit.c | 13 ++++++++-----
arch/x86/kernel/audit_64.c | 10 ++++++----
fs/open.c | 2 ++
include/linux/audit.h | 11 +++++++++++
include/linux/auditscm.h | 24 +++++++++++++++++++++++
include/uapi/linux/audit.h | 1 +
kernel/audit.h | 2 ++
kernel/auditsc.c | 31 ++++++++++++++++++++++++------
lib/audit.c | 14 +++++++++-----
lib/compat_audit.c | 15 ++++++++++-----
21 files changed, 169 insertions(+), 71 deletions(-)
create mode 100644 include/linux/auditscm.h
--
2.27.0
next reply other threads:[~2021-04-30 20:36 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-30 20:35 Richard Guy Briggs [this message]
2021-04-30 20:35 ` [PATCH v3 1/3] audit: replace magic audit syscall class numbers with macros Richard Guy Briggs
2021-05-11 1:23 ` Paul Moore
2021-05-11 17:13 ` Richard Guy Briggs
2021-05-11 17:51 ` Paul Moore
2021-05-11 18:50 ` Richard Guy Briggs
2021-04-30 20:35 ` [PATCH v3 2/3] audit: add support for the openat2 syscall Richard Guy Briggs
2021-04-30 20:35 ` [PATCH v3 3/3] audit: add OPENAT2 record to list how Richard Guy Briggs
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1619811762.git.rgb@redhat.com \
--to=rgb@redhat.com \
--cc=arnd@kernel.org \
--cc=cyphar@cyphar.com \
--cc=eparis@parisplace.org \
--cc=eparis@redhat.com \
--cc=linux-alpha@vger.kernel.org \
--cc=linux-audit@redhat.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-ia64@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-parisc@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=paul@paul-moore.com \
--cc=sgrubb@redhat.com \
--cc=sparclinux@vger.kernel.org \
--cc=viro@zeniv.linux.org.uk \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).