From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Steve Grubb <sgrubb@redhat.com>, Paul Moore <paul@paul-moore.com>,
Sasha Levin <sashal@kernel.org>,
linux-audit@redhat.com
Subject: [PATCH AUTOSEL 4.9 16/26] audit: CONFIG_CHANGE don't log internal bookkeeping as an event
Date: Sat, 11 Apr 2020 19:14:03 -0400
Message-ID: <20200411231413.26911-16-sashal@kernel.org>
In-Reply-To: <20200411231413.26911-1-sashal@kernel.org>

From: Steve Grubb <sgrubb@redhat.com>

[ Upstream commit 70b3eeed49e8190d97139806f6fbaf8964306cdb ]

Common Criteria calls out for any action that modifies the audit trail to
be recorded. That usually is interpreted to mean insertion or removal of
rules. It is not required to log modification of the inode information
since the watch is still in effect. Additionally, if the rule is a never
rule and the underlying file is one they do not want events for, they
get an event for this bookkeeping update against their wishes.

Since no device/inode info is logged at insertion and no device/inode
information is logged on update, there is nothing meaningful being
communicated to the admin by the CONFIG_CHANGE updated_rules event. One
can assume that the rule was not "modified" because it is still watching
the intended target. If the device or inode cannot be resolved, then
audit_panic is called which is sufficient.

The correct resolution is to drop logging config_update events since
the watch is still in effect but just on another unknown inode.

Signed-off-by: Steve Grubb <sgrubb@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/audit_watch.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c
index 712469a3103ac..54b30c9bd8b13 100644
--- a/kernel/audit_watch.c
+++ b/kernel/audit_watch.c
@@ -316,8 +316,6 @@ static void audit_update_watch(struct audit_parent *parent,
if (oentry->rule.exe)
audit_remove_mark(oentry->rule.exe);
- audit_watch_log_rule_change(r, owatch, "updated_rules");
-
call_rcu(&oentry->rcu, audit_free_rule_rcu);
}
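Review bot: The deletion in audit_update_watch() leaves nothing at the call site to say why an inode update on a watched path is now silent; a one-line comment ahead of call_rcu(&oentry->rcu, audit_free_rule_rcu) stating that watch updates are deliberately not logged as CONFIG_CHANGE would keep the call from being reintroduced later. Since this is a stable backport, the changelog should also say that consumers matching on the "updated_rules" record will stop seeing it on 4.9, so log pipelines that key on that string can be adjusted. Please also confirm that r and owatch are still referenced elsewhere in audit_update_watch() once this use is gone, so the removal does not introduce an unused-variable warning.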
--
2.20.1