From: Paul Moore <pmoore@redhat.com>
To: Eric Paris <eparis@redhat.com>, Steve Grubb <sgrubb@redhat.com>,
Richard Guy Briggs <rgb@redhat.com>
Cc: linux-audit@redhat.com, linux-kernel@vger.kernel.org, aviro@redhat.com
Subject: Re: [PATCH V5 0/5] audit by executable name
Date: Mon, 20 Oct 2014 19:02:33 -0400 [thread overview]
Message-ID: <2652562.S2IH3gqS0u@sifl> (raw)
In-Reply-To: <1413845247.30946.49.camel@localhost>
On Monday, October 20, 2014 06:47:27 PM Eric Paris wrote:
> On Mon, 2014-10-20 at 16:25 -0400, Steve Grubb wrote:
> > On Thursday, October 02, 2014 11:06:51 PM Richard Guy Briggs wrote:
> > > This is a part of Peter Moody, my and Eric Paris' work to implement
> > > audit by executable name.
> >
> > Does this patch set define an AUDIT_VERSION_SOMETHING and then set
> > AUDIT_VERSION_LATEST to it? If not, I need one to tell if the kernel
> > supports it when issuing commands. Also, if its conceivable that kernels
> > may pick and choose what features could be backported to a curated
> > kernel, should AUDIT_VERSION_ be a number that is incremented or a bit
> > mask?
>
> Right now the value is 2. So this is your last hope if you want to make
> it a bitmask. I'll leave that up to paul/richard to (over) design.
Audit is nothing if not over-designed. I want to make sure we're consistent
with the previous design methodologies ;)
I've been thinking about this for about the past half-hour while I've been
going through some other mail and I'm not really enthused about using the
version number to encode capabilities. What sort of problems would we have if
we introduced a new audit netlink command to query the kernel for audit
capabilities?
--
paul moore
security and virtualization @ redhat
next prev parent reply other threads:[~2014-10-20 23:02 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-10-03 3:06 [PATCH V5 0/5] audit by executable name Richard Guy Briggs
2014-10-03 3:06 ` [PATCH V5 1/5] audit: implement audit by executable Richard Guy Briggs
2014-10-03 3:06 ` [PATCH V5 2/5] audit: clean simple fsnotify implementation Richard Guy Briggs
2014-10-03 3:06 ` [PATCH V5 3/5] audit: convert audit_exe to audit_fsnotify Richard Guy Briggs
2014-10-03 3:06 ` [PATCH V5 4/5] audit: avoid double copying the audit_exe path string Richard Guy Briggs
2014-10-03 3:06 ` [PATCH V5 5/5] Revert "fixup! audit: clean simple fsnotify implementation" Richard Guy Briggs
2014-10-20 20:25 ` [PATCH V5 0/5] audit by executable name Steve Grubb
2014-10-20 22:47 ` Eric Paris
2014-10-20 23:02 ` Paul Moore [this message]
2014-10-20 23:33 ` Steve Grubb
2014-10-20 23:49 ` Steve Grubb
2014-10-21 21:56 ` Paul Moore
2014-10-21 22:06 ` Steve Grubb
2014-10-21 22:19 ` Eric Paris
2014-10-21 22:35 ` Paul Moore
2014-10-29 19:48 ` Richard Guy Briggs
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2652562.S2IH3gqS0u@sifl \
--to=pmoore@redhat.com \
--cc=aviro@redhat.com \
--cc=eparis@redhat.com \
--cc=linux-audit@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=rgb@redhat.com \
--cc=sgrubb@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox