[PATCH 0/8] IMA: work on audit records produced by IMA

public inbox for linux-audit@redhat.com
 help / color / mirror / Atom feed

From: Stefan Berger <stefanb@linux.vnet.ibm.com>
To: zohar@linux.vnet.ibm.com, sgrubb@redhat.com
Cc: linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org,
	linux-audit@redhat.com,
	Stefan Berger <stefanb@linux.vnet.ibm.com>
Subject: [PATCH 0/8] IMA: work on audit records produced by IMA
Date: Thu, 24 May 2018 16:10:57 -0400	[thread overview]
Message-ID: <20180524201105.3179904-1-stefanb@linux.vnet.ibm.com> (raw)

This series of patches cleans up some usages of the audit
subsystem's API by IMA and extends the audit subsystem's API
with API calls for adding new fields to the audit_buffer. Besides
that we extend the existing audit records created while parsing
IMA policy rules with fields that are common for audit records
produced by IMA. Besides that we introduce a new record type
that IMA creates while parsing policy rules.

   Stefan


Stefan Berger (8):
  ima: Call audit_log_string() rather than logging it untrusted
  ima: Use audit_log_format() rather than audit_log_string()
  audit: Implement audit_log_tty()
  audit: Allow others to call audit_log_d_path_exe()
  integrity: Add exe= and tty= before res= to integrity audits
  integrity: Factor out common part of integrity_audit_msg()
  ima: Do not audit if CONFIG_INTEGRITY_AUDIT is not set
  ima: Differentiate auditing policy rules from "audit" actions

 include/linux/audit.h                | 10 ++++++++++
 include/uapi/linux/audit.h           |  3 ++-
 kernel/audit.c                       |  8 ++++++++
 security/integrity/ima/Kconfig       |  1 +
 security/integrity/ima/ima_policy.c  | 12 ++++++++----
 security/integrity/integrity.h       | 26 ++++++++++++++++++++++++++
 security/integrity/integrity_audit.c | 32 +++++++++++++++++++-------------
 7 files changed, 74 insertions(+), 18 deletions(-)

-- 
2.13.6

next             reply	other threads:[~2018-05-24 20:10 UTC|newest]

Thread overview: 48+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-05-24 20:10 Stefan Berger [this message]
2018-05-24 20:10 ` [PATCH 1/8] ima: Call audit_log_string() rather than logging it untrusted Stefan Berger
2018-05-29 20:29   ` Paul Moore
2018-05-24 20:10 ` [PATCH 2/8] ima: Use audit_log_format() rather than audit_log_string() Stefan Berger
2018-05-29 20:31   ` Paul Moore
2018-05-24 20:11 ` [PATCH 3/8] audit: Implement audit_log_tty() Stefan Berger
2018-05-29 21:07   ` Paul Moore
2018-05-30 19:46     ` Stefan Berger
2018-05-24 20:11 ` [PATCH 4/8] audit: Allow others to call audit_log_d_path_exe() Stefan Berger
2018-05-29 21:18   ` Paul Moore
2018-05-24 20:11 ` [PATCH 5/8] integrity: Add exe= and tty= before res= to integrity audits Stefan Berger
2018-05-29 21:19   ` Paul Moore
2018-05-29 21:35     ` Steve Grubb
2018-05-29 21:47       ` Paul Moore
2018-05-29 22:58         ` Mimi Zohar
2018-05-30 13:04           ` Mimi Zohar
2018-05-30 21:15             ` Paul Moore
2018-05-30 12:17     ` Stefan Berger
2018-05-30 21:14       ` Paul Moore
2018-05-24 20:11 ` [PATCH 6/8] integrity: Factor out common part of integrity_audit_msg() Stefan Berger
2018-05-29 21:32   ` Steve Grubb
2018-05-30 13:04     ` Stefan Berger
2018-05-24 20:11 ` [PATCH 7/8] ima: Do not audit if CONFIG_INTEGRITY_AUDIT is not set Stefan Berger
2018-05-24 20:11 ` [PATCH 8/8] ima: Differentiate auditing policy rules from "audit" actions Stefan Berger
2018-05-29 21:30   ` Steve Grubb
2018-05-30 13:54     ` Stefan Berger
2018-05-30 15:15       ` Steve Grubb
2018-05-30 15:25         ` Stefan Berger
2018-05-30 16:27           ` Steve Grubb
2018-05-30 19:54             ` Stefan Berger
2018-05-30 21:24               ` Paul Moore
2018-05-30 21:49                 ` Stefan Berger
2018-05-30 22:00                   ` Mimi Zohar
2018-05-30 22:15                     ` Stefan Berger
2018-05-30 22:41                       ` Mimi Zohar
2018-05-30 23:54                   ` Paul Moore
2018-05-31  0:46                     ` Lenny Bruzenak
2018-05-31 15:51                       ` Paul Moore
2018-05-30 12:49   ` Richard Guy Briggs
2018-05-30 12:55     ` Steve Grubb
2018-05-30 13:08     ` Stefan Berger
2018-05-30 21:22       ` Paul Moore
2018-05-30 21:38         ` Stefan Berger
2018-05-30 23:34           ` Richard Guy Briggs
2018-06-01 20:00             ` Stefan Berger
2018-06-01 20:13               ` Paul Moore
2018-06-01 20:21                 ` Paul Moore
2018-06-01 20:50                 ` Stefan Berger

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180524201105.3179904-1-stefanb@linux.vnet.ibm.com \
    --to=stefanb@linux.vnet.ibm.com \
    --cc=linux-audit@redhat.com \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=sgrubb@redhat.com \
    --cc=zohar@linux.vnet.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox