Re: [RFC PATCH] audit: correctly record file names with different path name types

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Paul Moore <pmoore@redhat.com>
To: hujianyang <hujianyang@huawei.com>
Cc: rgb@redhat.com, linux-audit@redhat.com, jlayton@redhat.com
Subject: Re: [RFC PATCH] audit: correctly record file names with different path name types
Date: Tue, 02 Dec 2014 11:02:10 -0500	[thread overview]
Message-ID: <7974163.PYVG5D7BPp@sifl> (raw)
In-Reply-To: <547D6659.6090603@huawei.com>

On Tuesday, December 02, 2014 03:12:25 PM hujianyang wrote:
> Hi Paul,
> 
> Thanks for your work~! But I'm sorry to say I've tested this patch with
> a kernel 3.10.53 and met a panic while booting. I think it's caused by
> this patch.
> 
> Could you please take some time to look at this? Did I do something
> wrong?

...

On Tuesday, December 02, 2014 03:31:17 PM hujianyang wrote:
> This is configure options in my environment. I hope it would
> help you~!
> 
> 
> # 5.2 audit configuration
> # 5.2.1
> 
> # 5.2.2 Stop system when log is full
> configuration modify "/etc/audit/auditd.conf@space_left_action =
> SYSLOG@space_left_action = SYSLOG" #configuration modify
> "/etc/audit/auditd.conf@admin_space_left_action =
> SUSPEND@admin_space_left_action = HALT" configuration modify
> "/etc/audit/auditd.conf@space_left = 75@space_left = 2" configuration
> modify "/etc/audit/auditd.conf@admin_space_left = 50@admin_space_left = 1"

Thanks for taking the time to test, however, a few things ...

First, could you provide the /etc/audit/auditd.conf and /etc/audit/audit.rules 
files you used for your testing?  I don't understand configuration 
script/language you used above.

Second, I tested the patch against the audit tree's stable-3.18 branch, could 
you (re)test against 3.18-rcX instead of 3.10.X?  There have been a number of 
changes to the audit subsystem since 3.10 was released and it would surprise 
me if the patch I posted has problems on 3.10.X.

 * git://git.infradead.org/users/pcmoore/audit stable-3.18

Thanks,
-Paul

-- 
paul moore
security and virtualization @ redhat

next prev parent reply	other threads:[~2014-12-02 16:02 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-12-01 21:27 [RFC PATCH] audit: correctly record file names with different path name types Paul Moore
2014-12-01 21:48 ` Richard Guy Briggs
2014-12-02  7:12 ` hujianyang
2014-12-02  7:31   ` hujianyang
2014-12-02 16:02   ` Paul Moore [this message]
2014-12-03  1:54     ` hujianyang
2014-12-03 21:27       ` Paul Moore
2014-12-04  2:04         ` hujianyang

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=7974163.PYVG5D7BPp@sifl \
    --to=pmoore@redhat.com \
    --cc=hujianyang@huawei.com \
    --cc=jlayton@redhat.com \
    --cc=linux-audit@redhat.com \
    --cc=rgb@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.