From mboxrd@z Thu Jan  1 00:00:00 1970
From: Steve Grubb <sgrubb@redhat.com>
Subject: Re: [userspace PATCH v2 0/2] Add support for loginuid_set
Date: Tue, 11 Oct 2016 12:40:55 -0400
Message-ID: <2160607.4V3FbIfBlX@x2>
References: <1471544337-3108-1-git-send-email-rgb@redhat.com>
	<3382475.po8Up8mjF7@x2>
	<CAGH-KgvR7BmJXYAhh1ovDK10adMXnbRm9=bzh2Efcgt4Wcq4LQ@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
In-Reply-To: <CAGH-KgvR7BmJXYAhh1ovDK10adMXnbRm9=bzh2Efcgt4Wcq4LQ@mail.gmail.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: Paul Moore <pmoore@redhat.com>
Cc: Richard Guy Briggs <rgb@redhat.com>, linux-audit@redhat.com
List-Id: linux-audit@redhat.com

On Monday, October 10, 2016 5:10:39 PM EDT Paul Moore wrote:
> On Mon, Oct 10, 2016 at 1:24 PM, Steve Grubb <sgrubb@redhat.com> wrote:
> > On Thursday, August 18, 2016 2:18:55 PM EDT Richard Guy Briggs wrote:
> >> loginuid_set support should have been added to userspace when it was
> >> added to the kernel around v3.10.  Add it before we do similar for
> >> sessionID and sessionID_set.
> > 
> > If this were accepted, how would this change writing rules? IOW, can you
> > give an example rule so we can see what this looks like?
> 
> We have a RFE feature page which documents some rule examples:
> 
> *
> https://github.com/linux-audit/audit-kernel/wiki/RFE-Session-ID-User-Filter

OK, thanks. This is helpful. So, what is the difference between these rules?

-a always,exit -F path=/tmp/sessionid_test -F loginuid=-1

-a always,exit -F path=/tmp/sessionid_set_test -F loginuid_set=0

-Steve