From: Paul Moore <pmoore@redhat.com>
To: linux-audit@redhat.com, hujianyang <hujianyang@huawei.com>
Cc: rgb@redhat.com, jlayton@redhat.com
Subject: Re: [RFC PATCH] audit: correctly record file names with different path name types
Date: Wed, 03 Dec 2014 16:27:34 -0500 [thread overview]
Message-ID: <3214700.P9gl05RaQR@sifl> (raw)
In-Reply-To: <547E6D42.1000503@huawei.com>
On Wednesday, December 03, 2014 09:54:10 AM hujianyang wrote:
> On 2014/12/3 0:02, Paul Moore wrote:
> > First, could you provide the /etc/audit/auditd.conf and
> > /etc/audit/audit.rules files you used for your testing? I don't
> > understand configuration script/language you used above.
>
> /etc/audit/audit.conf
>
> #
> # This file controls the configuration of the audit daemon
> #
... {snip} ...
> /etc/audit/audit.rules:
>
> # This file contains the auditctl rules that are loaded
> # whenever the audit daemon is started via the initscripts.
> # The rules are simply the parameters that would be passed
> # to auditctl.
... {snip} ...
I setup my system using your configuration and the system booted and ran the
regression test described in the patch description without problem. I know of
at least one other person that has tested this patch without problem as well.
> > Second, I tested the patch against the audit tree's stable-3.18 branch,
> > could you (re)test against 3.18-rcX instead of 3.10.X? There have been a
> > number of changes to the audit subsystem since 3.10 was released and it
> > would surprise me if the patch I posted has problems on 3.10.X.
> >
> > * git://git.infradead.org/users/pcmoore/audit stable-3.18
>
> Sorry, my testing environment is built on a embedded arm device. Changing
> kernel version need lots of changes for device driver which is beyond my
> ability.
I know that many embedded systems include several kernel patches that deviate
from the upstream sources (device drivers, etc.), is that the case with your
system?
> I wish you could implement my configuration on your environment and test
> if it's OK. After that, we can list the changes from 3.10 stable to 3.18
> stable.
I did test your configuration, without problem. I suspect there is some sort
of conflict between the patch and one of the kernel patches in your system.
Is there any chance you can debug the problem you saw?
I'm going to remove the CC:stable from the patch description to be safe, but
as of right now I think it is reasonable to include the patch in the audit
next branch.
--
paul moore
security and virtualization @ redhat
next prev parent reply other threads:[~2014-12-03 21:27 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-12-01 21:27 [RFC PATCH] audit: correctly record file names with different path name types Paul Moore
2014-12-01 21:48 ` Richard Guy Briggs
2014-12-02 7:12 ` hujianyang
2014-12-02 7:31 ` hujianyang
2014-12-02 16:02 ` Paul Moore
2014-12-03 1:54 ` hujianyang
2014-12-03 21:27 ` Paul Moore [this message]
2014-12-04 2:04 ` hujianyang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3214700.P9gl05RaQR@sifl \
--to=pmoore@redhat.com \
--cc=hujianyang@huawei.com \
--cc=jlayton@redhat.com \
--cc=linux-audit@redhat.com \
--cc=rgb@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox