From: Steve Grubb <sgrubb@redhat.com>
To: Yuichi Nakamura <ynakam@hitachisoft.jp>
Cc: linux-kernel@vger.kernel.org, linuxsh-dev@lists.sourceforge.net,
lethal@linux-sh.org, Al Viro <aviro@redhat.com>
Subject: Re: [patch] audit support for SH
Date: Wed, 7 Nov 2007 10:15:33 -0500 [thread overview]
Message-ID: <200711071015.33765.sgrubb@redhat.com> (raw)
In-Reply-To: <20071107135743.C1BD.YNAKAM@hitachisoft.jp>
On Wednesday 07 November 2007 12:04:46 am Yuichi Nakamura wrote:
> I found syscall audit does not work on SH(SuperH).
> I made patch to support syscall audit for SH.
I think this is close, but it looks like you missed the syscall classification
piece. You can find an example here:
arch/x86_64/kernel/audit.c
Its used for determining which syscalls we are interested in for watches.
Also, IBM and HP both have released audit test suites. You should run the CAPP
tests at a minimum to see if you have hooked everything that is expected. If
you have SE Linux enabled for that platform, you may want to try the LSPP
tests but you would need have the MLS policy installed.
IBM's announcement is here:
https://www.redhat.com/archives/redhat-lspp/2007-August/msg00002.html
and HP's here:
https://www.redhat.com/archives/linux-audit/2007-August/msg00030.html
And...user space would need an update for the syscall table and arches so that
you can run the tests. Please send that patch to linux-audit mail list.
Thanks,
-Steve
next prev parent reply other threads:[~2007-11-07 15:16 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-11-07 5:04 [patch] audit support for SH Yuichi Nakamura
2007-11-07 5:30 ` Paul Mundt
2007-11-07 15:15 ` Steve Grubb [this message]
2007-11-07 15:24 ` Paul Mundt
2007-11-08 8:16 ` Yuichi Nakamura
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200711071015.33765.sgrubb@redhat.com \
--to=sgrubb@redhat.com \
--cc=aviro@redhat.com \
--cc=lethal@linux-sh.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxsh-dev@lists.sourceforge.net \
--cc=ynakam@hitachisoft.jp \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox