From: Steve Grubb <sgrubb@redhat.com>
To: linux-audit@redhat.com
Cc: Richard Guy Briggs <rgb@redhat.com>
Subject: Re: [PATCH 0/5] Add support for sessionid user filters, sessionid_set and loginuid_set
Date: Tue, 02 Aug 2016 09:58:23 -0400
Message-ID: <7465676.juF99Vr4t2@x2>
In-Reply-To: <1631071.bJV1sPFgiU@x2>
On Tuesday, August 2, 2016 9:25:44 AM EDT Steve Grubb wrote:
> On Tuesday, August 2, 2016 8:56:35 AM EDT Richard Guy Briggs wrote:
> > On 2016-08-02 08:16, Steve Grubb wrote:
> > > On Tuesday, August 2, 2016 5:38:56 AM EDT Richard Guy Briggs wrote:
> > > > Add support for sessionid, sessionid_set (first two patches) and
> > > > loginuid_set (and auid_set) (third patch) in user filters. The first
> > > > two are directly related to issue "ghak4":
> > > > https://github.com/linux-audit/audit-kernel/issues/4
> > > > https://github.com/linux-audit/audit-kernel/wiki/RFE-Session-ID-User-Filter
> > > >
> > > > The third is to support a kernel change from 3.10 and 3.19 to avoid
> > > > using in-band values to indicate the loginuid is unset.
> > >
> > > Have the above three patches been tested on old kernels?
> >
> > Not yet. How do you usually add new features to userspace to guard
> > against missing features from old kernels? Time to add a bit to the
> > kernel audit status feature field?
>
> Yes. Otherwise you get EINVAL which doesn't let you explain what exactly is
> wrong with the rule.
Before you get too far...I just looked at the support being added in the first
three patches. There is no code changing auditctl. Is there something missing?
-Steve
Thread overview (11+ messages):
2016-08-02 9:38 [PATCH 0/5] Add support for sessionid user filters, sessionid_set and loginuid_set Richard Guy Briggs
2016-08-02 9:38 ` [PATCH 1/5] Add userspace support for session ID user filter Richard Guy Briggs
2016-08-02 9:38 ` [PATCH 2/5] Add sessionid_set option from kernel uapi macro AUDIT_SESSIONID_SET Richard Guy Briggs
2016-08-02 9:38 ` [PATCH 3/5] Add user filter option loginuid_set from uapi macro AUDIT_LOGINUID_SET Richard Guy Briggs
2016-08-02 9:39 ` [PATCH 4/5] Add sessionid_set option to ausearch and aureport Richard Guy Briggs
2016-08-02 9:39 ` [PATCH 5/5] Add support for loginuid_set option for event filtering and searches Richard Guy Briggs
2016-08-02 12:16 ` [PATCH 0/5] Add support for sessionid user filters, sessionid_set and loginuid_set Steve Grubb
2016-08-02 12:56 ` Richard Guy Briggs
2016-08-02 13:25 ` Steve Grubb
2016-08-02 13:58 ` Steve Grubb [this message]
2016-08-02 16:30 ` Richard Guy Briggs