public inbox for audit@vger.kernel.org
From: Paul Moore <paul@paul-moore.com>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: audit@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [GIT PULL] audit/audit-pr-20260203
Date: Tue, 03 Feb 2026 23:10:33 -0500
Message-ID: <4d8d54dd3db528deba7eddf05201b1df@paul-moore.com>

Linus,

This is a bit early, but due to some personal scheduling I'd rather send
this to you now, and you always mention you prefer to get pull requests
early (perhaps not this early?) so here is hoping this is a win-win.

Here are the highlights for the audit changes queued for the Linux v7.0
merge window:

- Improve the NETFILTER_PKT audit records

Add source and destination ports to the NETFILTER_PKT audit records while
also consolidating a lot of the code into a new, singular
audit_log_nf_skb() function.  This new approach to structuring the
NETFILTER_PKT record generation should eliminate some unnecessary overhead
when audit is not built into the kernel.

- Update the audit syscall classifier code

Add the listxattrat(), getxattrat(), and fchmodat2() syscalls to the
audit code which classifies syscalls into categories of operations, e.g.
"read" or "change attributes".

- Move the syscall classifier declarations into audit_arch.h

Shuffle around some header file declarations to resolve some sparse
warnings.

Paul

--
The following changes since commit 8f0b4cce4481fb22653697cced8d0d04027cb1e8:

  Linux 6.19-rc1 (2025-12-14 16:05:07 +1200)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git
    tags/audit-pr-20260203

for you to fetch changes up to 76489955c6d4a065ca69dc88faf7a50a59b66f35:

  audit: move the compat_xxx_class[] extern declarations to audit_arch.h
    (2026-01-09 16:37:59 -0500)

----------------------------------------------------------------
audit/stable-7.0 PR 20260203
----------------------------------------------------------------

Ben Dooks (1):
      audit: move the compat_xxx_class[] extern declarations to
         audit_arch.h

Jeffrey Bencteux (2):
      audit: add fchmodat2() to change attributes class
      audit: add missing syscalls to read class

Ricardo Robaina (2):
      audit: add audit_log_nf_skb helper function
      audit: include source and destination ports to NETFILTER_PKT

 include/asm-generic/audit_change_attr.h |    3 
 include/asm-generic/audit_read.h        |    6 
 include/linux/audit.h                   |   14 +-
 include/linux/audit_arch.h              |    7 +
 kernel/audit.c                          |  159 ++++++++++++++++++++++++
 net/netfilter/nft_log.c                 |   58 --------
 net/netfilter/xt_AUDIT.c                |   58 --------
 7 files changed, 185 insertions(+), 120 deletions(-)

--
paul-moore.com
