From: david.abdurachmanov@gmail.com (David Abdurachmanov) To: linux-riscv@lists.infradead.org Subject: [PATCH 0/2] riscv: add audit support Date: Mon, 29 Oct 2018 11:48:52 +0100 [thread overview] Message-ID: <20181029104854.17432-1-david.abdurachmanov@gmail.com> (raw) This patchset adds system call audit support on riscv (riscv32 & riscv64). The pachset was prepared on top of v4.19 tag. audit-userspace changes were submitted. See: https://github.com/linux-audit/audit-userspace/pull/73 Tested the following manually: - auditctl (checked several different example rules from internet) - aulast - aulastlog - ausearch - ausyscall - aureport - autrace (compared some syscalls to strace: order and return value/input arguments seem to be correct) - /proc/self/loginuid (required by DNF [package manager]) I looked into audit-testsuite and with some adjustments results are: Failed 4/14 test programs. 19/88 subtests failed. The failing tests were due to missing CONFIG_IP_NF_MANGLE, 'id -Z' not printing categories (don't know why), not having loadable kernel module support enablled and syscall_socketcall not being relevant for new arches. audit-testsuite with adjustments: https://github.com/davidlt/audit-testsuite/tree/riscv64 Depends on: [PATCH 1/2] Move EM_RISCV into elf-em.h http://lists.infradead.org/pipermail/linux-riscv/2018-October/001885.html This should solve DNF issues in Fedora 29/RISCV. David Abdurachmanov (2): riscv: add audit support riscv: audit: add audit hook in do_syscall_trace_enter/exit() arch/riscv/Kconfig | 1 + arch/riscv/include/asm/ptrace.h | 5 +++++ arch/riscv/include/asm/syscall.h | 10 ++++++++++ arch/riscv/include/asm/thread_info.h | 6 ++++++ arch/riscv/kernel/entry.S | 4 ++-- arch/riscv/kernel/ptrace.c | 5 +++++ include/uapi/linux/audit.h | 2 ++ 7 files changed, 31 insertions(+), 2 deletions(-) -- 2.17.2
WARNING: multiple messages have this Message-ID (diff)
From: David Abdurachmanov <david.abdurachmanov@gmail.com> To: palmer@sifive.com, aou@eecs.berkeley.edu, linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, linux-audit@redhat.com Cc: David Abdurachmanov <david.abdurachmanov@gmail.com> Subject: [PATCH 0/2] riscv: add audit support Date: Mon, 29 Oct 2018 11:48:52 +0100 [thread overview] Message-ID: <20181029104854.17432-1-david.abdurachmanov@gmail.com> (raw) Message-ID: <20181029104852.gprDFTngsKXZR7TAaon-tEVOxn3sEI8tjHwt3MRSg3I@z> (raw) This patchset adds system call audit support on riscv (riscv32 & riscv64). The pachset was prepared on top of v4.19 tag. audit-userspace changes were submitted. See: https://github.com/linux-audit/audit-userspace/pull/73 Tested the following manually: - auditctl (checked several different example rules from internet) - aulast - aulastlog - ausearch - ausyscall - aureport - autrace (compared some syscalls to strace: order and return value/input arguments seem to be correct) - /proc/self/loginuid (required by DNF [package manager]) I looked into audit-testsuite and with some adjustments results are: Failed 4/14 test programs. 19/88 subtests failed. The failing tests were due to missing CONFIG_IP_NF_MANGLE, 'id -Z' not printing categories (don't know why), not having loadable kernel module support enablled and syscall_socketcall not being relevant for new arches. audit-testsuite with adjustments: https://github.com/davidlt/audit-testsuite/tree/riscv64 Depends on: [PATCH 1/2] Move EM_RISCV into elf-em.h http://lists.infradead.org/pipermail/linux-riscv/2018-October/001885.html This should solve DNF issues in Fedora 29/RISCV. David Abdurachmanov (2): riscv: add audit support riscv: audit: add audit hook in do_syscall_trace_enter/exit() arch/riscv/Kconfig | 1 + arch/riscv/include/asm/ptrace.h | 5 +++++ arch/riscv/include/asm/syscall.h | 10 ++++++++++ arch/riscv/include/asm/thread_info.h | 6 ++++++ arch/riscv/kernel/entry.S | 4 ++-- arch/riscv/kernel/ptrace.c | 5 +++++ include/uapi/linux/audit.h | 2 ++ 7 files changed, 31 insertions(+), 2 deletions(-) -- 2.17.2 _______________________________________________ linux-riscv mailing list linux-riscv@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-riscv
next reply other threads:[~2018-10-29 10:48 UTC|newest] Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top 2018-10-29 10:48 David Abdurachmanov [this message] 2018-10-29 10:48 ` [PATCH 0/2] riscv: add audit support David Abdurachmanov 2018-10-29 10:48 ` [PATCH 1/2] " David Abdurachmanov 2018-10-29 10:48 ` David Abdurachmanov 2018-11-13 1:52 ` Palmer Dabbelt 2018-11-13 1:52 ` Palmer Dabbelt 2018-11-13 23:34 ` Paul Moore 2018-11-13 23:34 ` Paul Moore 2018-11-14 23:40 ` Palmer Dabbelt 2018-11-14 23:40 ` Palmer Dabbelt 2018-10-29 10:48 ` [PATCH 2/2] riscv: audit: add audit hook in do_syscall_trace_enter/exit() David Abdurachmanov 2018-10-29 10:48 ` David Abdurachmanov 2018-10-29 22:57 ` [PATCH 0/2] riscv: add audit support Paul Moore 2018-10-29 22:57 ` Paul Moore 2018-11-06 20:06 ` Paul Moore 2018-11-06 20:06 ` Paul Moore 2018-11-06 21:25 ` David Abdurachmanov 2018-11-06 21:25 ` David Abdurachmanov 2018-11-07 10:45 ` David Abdurachmanov 2018-11-07 10:45 ` David Abdurachmanov
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20181029104854.17432-1-david.abdurachmanov@gmail.com \ --to=david.abdurachmanov@gmail.com \ --cc=linux-riscv@lists.infradead.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).