From: Steve Grubb <sgrubb@redhat.com>
To: Richard Guy Briggs <rgb@redhat.com>
Cc: LKML <linux-kernel@vger.kernel.org>,
Linux-Audit Mailing List <linux-audit@redhat.com>,
Paul Moore <paul@paul-moore.com>,
omosnace@redhat.com, eparis@parisplace.org,
ebiederm@xmission.com, oleg@redhat.com
Subject: Re: [PATCH ghak111 V1] audit: deliver siginfo regarless of syscall
Date: Tue, 9 Apr 2019 17:37:16 +0200 [thread overview]
Message-ID: <20190409173716.1a0308fb@ivy-bridge> (raw)
In-Reply-To: <20190409140259.n4t6rxb24eu3uzvp@madcap2.tricolour.ca>
On Tue, 9 Apr 2019 10:02:59 -0400
Richard Guy Briggs <rgb@redhat.com> wrote:
> On 2019-04-09 08:01, Steve Grubb wrote:
> > On Mon, 8 Apr 2019 23:52:29 -0400 Richard Guy Briggs
> > <rgb@redhat.com> wrote:
> > > When a process signals the audit daemon (shutdown, rotate, resume,
> > > reconfig) but syscall auditing is not enabled, we still want to
> > > know the identity of the process sending the signal to the audit
> > > daemon.
> >
> > Why? If syscall auditing is disabled, then there is no requirement
> > to provide anything. What is the real problem that you are seeing?
>
> Shutdown messages with -1 in them rather than the real values.
OK. We can fix that by patching auditd to see if auditing is enabled
before requesting signal info. If auditing is disabled, the proper
action is for the kernel to ignore any audit userspace messages except
the configuration commands.
-Steve
next prev parent reply other threads:[~2019-04-09 15:37 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-09 3:52 [PATCH ghak111 V1] audit: deliver siginfo regarless of syscall Richard Guy Briggs
2019-04-09 6:01 ` Steve Grubb
2019-04-09 14:02 ` Richard Guy Briggs
2019-04-09 15:37 ` Steve Grubb [this message]
2019-04-09 15:57 ` Richard Guy Briggs
2019-04-10 0:25 ` Eric W. Biederman
2019-04-10 16:54 ` Richard Guy Briggs
2019-04-11 12:22 ` Steve Grubb
2019-04-18 14:59 ` Paul Moore
2019-04-18 15:16 ` Richard Guy Briggs
2019-04-18 15:37 ` Paul Moore
2019-04-18 15:42 ` Richard Guy Briggs
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190409173716.1a0308fb@ivy-bridge \
--to=sgrubb@redhat.com \
--cc=ebiederm@xmission.com \
--cc=eparis@parisplace.org \
--cc=linux-audit@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=oleg@redhat.com \
--cc=omosnace@redhat.com \
--cc=paul@paul-moore.com \
--cc=rgb@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).