From: Jiri Olsa <jolsa@redhat.com>
To: Paul Moore <paul@paul-moore.com>
Cc: Alexei Starovoitov <alexei.starovoitov@gmail.com>,
linux-audit@redhat.com, Jiri Olsa <jolsa@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Alexei Starovoitov <ast@kernel.org>,
Network Development <netdev@vger.kernel.org>,
bpf <bpf@vger.kernel.org>, Andrii Nakryiko <andriin@fb.com>,
Yonghong Song <yhs@fb.com>, Martin KaFai Lau <kafai@fb.com>,
Jakub Kicinski <jakub.kicinski@netronome.com>,
Steve Grubb <sgrubb@redhat.com>, David Miller <davem@redhat.com>,
Eric Paris <eparis@redhat.com>, Jiri Benc <jbenc@redhat.com>
Subject: Re: [PATCH] bpf: emit audit messages upon successful prog load and unload
Date: Fri, 22 Nov 2019 10:35:55 +0100 [thread overview]
Message-ID: <20191122093555.GC8287@krava> (raw)
In-Reply-To: <CAHC9VhQbQoXacbTCNJPGNzFOv30PwLeiWu4ROQFU46=saTeTNQ@mail.gmail.com>
On Thu, Nov 21, 2019 at 06:41:31PM -0500, Paul Moore wrote:
SNIP
> a common requirement for new audit functionality (link below). I'm
> also fairly certain we don't want this new BPF record to look like how
> you've coded it up in bpf_audit_prog(); duplicating the fields with
> audit_log_task() is wrong, you've either already got them via an
> associated record (which you get from passing non-NULL as the first
> parameter to audit_log_start()), or you don't because there is no
> associated syscall/task (which you get from passing NULL as the first
ok, I'll send change that reflects this.. together with the test
thanks,
jirka
> parameter). Please revert, un-merge, etc. this patch from bpf-next;
> it should not go into Linus' tree as written.
>
> Audit userspace PR:
> * https://github.com/linux-audit/audit-userspace/pull/104
>
> Audit test suite:
> * https://github.com/linux-audit/audit-testsuite
>
> Audit folks, here is a link to the thread in the archives:
> * https://lore.kernel.org/bpf/20191120213816.8186-1-jolsa@kernel.org/T/#u
>
> --
> paul moore
> www.paul-moore.com
>
prev parent reply other threads:[~2019-11-22 9:36 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-20 21:38 [PATCH] bpf: emit audit messages upon successful prog load and unload Jiri Olsa
2019-11-20 21:46 ` Daniel Borkmann
2019-11-20 21:48 ` Alexei Starovoitov
2019-11-21 23:41 ` Paul Moore
2019-11-22 0:22 ` Alexei Starovoitov
2019-11-22 0:36 ` Paul Moore
2019-11-22 19:23 ` Jiri Olsa
2019-11-22 21:19 ` Paul Moore
2019-11-23 8:57 ` Jiri Olsa
2019-11-23 18:03 ` Jakub Kicinski
2019-11-24 22:38 ` Jiri Olsa
2019-11-25 18:38 ` Steve Grubb
2019-11-25 18:38 ` Steve Grubb
2019-11-22 0:25 ` Daniel Borkmann
2019-11-22 0:42 ` Paul Moore
2019-11-22 9:32 ` Jiri Olsa
2019-11-22 9:35 ` Jiri Olsa [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191122093555.GC8287@krava \
--to=jolsa@redhat.com \
--cc=alexei.starovoitov@gmail.com \
--cc=andriin@fb.com \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=davem@redhat.com \
--cc=eparis@redhat.com \
--cc=jakub.kicinski@netronome.com \
--cc=jbenc@redhat.com \
--cc=jolsa@kernel.org \
--cc=kafai@fb.com \
--cc=linux-audit@redhat.com \
--cc=netdev@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=sgrubb@redhat.com \
--cc=yhs@fb.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.