Date:   Fri, 19 Aug 2016 15:08:52 -0400
From:   Paul Moore <paul@...l-moore.com>
To:     Richard Guy Briggs <rgb@...hat.com>, sgrubb@...hat.com
Cc:     linux-audit@...hat.com, linux-kernel@...r.kernel.org
Subject: Re: [PATCH V3 0/3] Add support for session ID user filtering

On Thu, Aug 18, 2016 at 7:53 PM, Paul Moore <paul@...l-moore.com> wrote:
> On Thu, Aug 18, 2016 at 1:43 PM, Richard Guy Briggs <rgb@...hat.com> wrote:
>> https://github.com/linux-audit/audit-kernel/wiki/RFE-Session-ID-User-Filter
>> RFE Session ID User Filter
>>
>> https://github.com/linux-audit/audit-kernel/issues/4
>> RFE: add a session ID filter to the kernel's user filter
>>
>> See also the set of userspace support patches:
>>         Add support for sessionid user filters, sessionid_set and loginuid_set
>>         https://www.redhat.com/archives/linux-audit/2016-August/msg00005.html
>>         (userspace update expected to be posted 2016-08-18)
>> and the test case:
>>         https://github.com/rgbriggs/audit-testsuite/tree/ghak4-test-for-sessionID-user-filter
>>
>> This third patch is expected to have a merge conflict with:
>>         "audit: add exclude filter extension to feature bitmap"
>> posted on 2016-08-18.
>>
>> Richard Guy Briggs (3):
>>   audit: add support for session ID user filter
>>   audit: add AUDIT_SESSIONID_SET support
>>   audit: add sessionid filter extension to feature bitmap
>>
>>  include/linux/audit.h      |   10 ++++++++++
>>  include/uapi/linux/audit.h |    6 +++++-
>>  kernel/auditfilter.c       |    5 +++++
>>  kernel/auditsc.c           |    6 ++++++
>>  4 files changed, 26 insertions(+), 1 deletions(-)
>
> These patches look fine to me; the only comment I have is that these
> should probably be combined into a single patch to avoid
> cherry-picking of individual pieces, e.g. skipping the feature bitmap
> or AUDIT_SESSION_SET support.  I can do that when I merge the patches,
> no need to resend unless you really want to ...
>
> However, the bigger issue is coordination with the userspace patches.
> I really don't like merging kernel patches until Steve OK's the
> corresponding userspace patches.

I went ahead and squashed the patches into one and merged it into the
audit#working-session_filter-v3 branch.  Take a look and if anything
looks awry let me know.

I'm also going to start including this patch/branch in my
pcmoore/kernel-secnext Copr builds so it is easier for you/sgrubb to
test the userspace support; once Steve OK's the userspace code I'll
merge this patch(set) into audit#next properly.

* https://github.com/linux-audit/audit-kernel/issues/4
* https://copr.fedorainfracloud.org/coprs/pcmoore/kernel-secnext

-- 
paul moore
www.paul-moore.com
