From mboxrd@z Thu Jan 1 00:00:00 1970
From: Eric Paris
Subject: [PATCH 0/4] Audit support for file capabilities
Date: Mon, 20 Oct 2008 18:25:57 -0400
Message-ID: <20081020222538.3895.50175.stgit@paris.rdu.redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: linux-kernel@vger.kernel.org, linux-audit@redhat.com
Cc: viro@zeniv.linux.org.ok.redhat.com, morgan@kernel.org
List-Id: linux-audit@redhat.com

The following series implements audit support for file capabilities.
Audit emits relevant fcaps info for all path records, any time fcaps
actually escalate permissions, and we now print the arguments to
sys_capset for when a process tries to modify cap info.

---

Eric Paris (4):
      AUDIT: emit new record type showing all capset information
      AUDIT: audit when fcaps increase the permitted or inheritable capabilities
      AUDIT: output permitted and inheritable fcaps in PATH records
      CAPABILITIES: add cpu endian vfs caps structure

 include/linux/audit.h      |   22 +++++
 include/linux/capability.h |   12 +++
 kernel/auditsc.c           |  201 +++++++++++++++++++++++++++++++++++++++++++-
 kernel/capability.c        |    3 +
 security/commoncap.c       |  131 ++++++++++++++++-------------
 5 files changed, 308 insertions(+), 61 deletions(-)