From mboxrd@z Thu Jan 1 00:00:00 1970 From: Jiri Olsa Subject: Re: [PATCH] bpf: emit audit messages upon successful prog load and unload Date: Fri, 22 Nov 2019 10:35:55 +0100 Message-ID: <20191122093555.GC8287@krava> References: <20191120213816.8186-1-jolsa@kernel.org> <8c928ec4-9e43-3e2a-7005-21f40fcca061@iogearbox.net> Mime-Version: 1.0 Content-Type: text/plain; charset=WINDOWS-1252 Content-Transfer-Encoding: quoted-printable Return-path: In-Reply-To: Content-Disposition: inline Sender: netdev-owner@vger.kernel.org To: Paul Moore Cc: Alexei Starovoitov , linux-audit@redhat.com, Jiri Olsa , Daniel Borkmann , Alexei Starovoitov , Network Development , bpf , Andrii Nakryiko , Yonghong Song , Martin KaFai Lau , Jakub Kicinski , Steve Grubb , David Miller , Eric Paris , Jiri Benc List-Id: linux-audit@redhat.com On Thu, Nov 21, 2019 at 06:41:31PM -0500, Paul Moore wrote: SNIP > a common requirement for new audit functionality (link below). I'm > also fairly certain we don't want this new BPF record to look like how > you've coded it up in bpf_audit_prog(); duplicating the fields with > audit_log_task() is wrong, you've either already got them via an > associated record (which you get from passing non-NULL as the first > parameter to audit_log_start()), or you don't because there is no > associated syscall/task (which you get from passing NULL as the first ok, I'll send change that reflects this.. together with the test thanks, jirka > parameter). Please revert, un-merge, etc. this patch from bpf-next; > it should not go into Linus' tree as written. >=20 > Audit userspace PR: > * https://github.com/linux-audit/audit-userspace/pull/104 >=20 > Audit test suite: > * https://github.com/linux-audit/audit-testsuite >=20 > Audit folks, here is a link to the thread in the archives: > * https://lore.kernel.org/bpf/20191120213816.8186-1-jolsa@kernel.org/T/#u >=20 > --=20 > paul moore > www.paul-moore.com >=20