From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 94F94C433EF for ; Wed, 13 Oct 2021 20:03:14 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 7834E60E96 for ; Wed, 13 Oct 2021 20:03:14 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230312AbhJMUFR (ORCPT ); Wed, 13 Oct 2021 16:05:17 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]:34094 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231654AbhJMUFQ (ORCPT ); Wed, 13 Oct 2021 16:05:16 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1634155392; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=hhdJcjen3v6j5NvKxp+J2wwagi0CnajVx1UoxFM+giI=; b=DnpuVlqXK5Q6QbKidRHSG2ctbkHZDsvD+LG2N3GG69nAOZ9oDvTOKsm+0pUKS94Rdbla/O 2uR5TNWjzLd6x/RQ9K/11MB8NGjgmtttrDaHsU6oFYbZoGnupPeT8xnlxLMW1KBQS3DcHp SEA2nGd6VgKJX51hb4N/9jjMdqqboyQ= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-118-2vNBfazkO4WqK0T5L2x5ww-1; Wed, 13 Oct 2021 16:03:07 -0400 X-MC-Unique: 2vNBfazkO4WqK0T5L2x5ww-1 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id D26091006AB1; Wed, 13 Oct 2021 20:03:04 +0000 (UTC) Received: from x2.localnet (unknown [10.22.33.236]) by smtp.corp.redhat.com (Postfix) with ESMTP id 330135BAFB; Wed, 13 Oct 2021 20:02:32 +0000 (UTC) From: Steve Grubb To: corbet@lwn.net, axboe@kernel.dk, agk@redhat.com, snitzer@redhat.com, ebiggers@kernel.org, tytso@mit.edu, paul@paul-moore.com, eparis@redhat.com, jmorris@namei.org, serge@hallyn.com, linux-audit@redhat.com Cc: linux-security-module@vger.kernel.org, linux-doc@vger.kernel.org, jannh@google.com, linux-fscrypt@vger.kernel.org, linux-kernel@vger.kernel.org, linux-block@vger.kernel.org, dm-devel@redhat.com, linux-audit@redhat.com, deven.desai@linux.microsoft.com Subject: Re: [RFC PATCH v7 07/16] ipe: add auditing support Date: Wed, 13 Oct 2021 16:02:30 -0400 Message-ID: <2159283.iZASKD2KPV@x2> Organization: Red Hat In-Reply-To: <1634151995-16266-8-git-send-email-deven.desai@linux.microsoft.com> References: <1634151995-16266-1-git-send-email-deven.desai@linux.microsoft.com> <1634151995-16266-8-git-send-email-deven.desai@linux.microsoft.com> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 Precedence: bulk List-ID: X-Mailing-List: linux-doc@vger.kernel.org Hello, On Wednesday, October 13, 2021 3:06:26 PM EDT deven.desai@linux.microsoft.com wrote: > Users of IPE require a way to identify when and why an operation fails, > allowing them to both respond to violations of policy and be notified > of potentially malicious actions on their systens with respect to IPE > itself. Would you mind sending examples of audit events so that we can see what the end result is? Some people add them to the commit text. But we still need to see what they look like. Thanks, -Steve