lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:	Mon, 09 Nov 2009 13:21:13 -0500
From:	Eric Paris <eparis@...hat.com>
To:	Miloslav Trmač <mitr@...hat.com>
Cc:	viro@...iv.linux.org.uk, linux-audit@...hat.com,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] audit: Match SELinux context in "user" records

On Mon, 2009-11-09 at 16:10 +0100, Miloslav Trmač wrote:
> From: Miloslav Trmac <mitr@...hat.com>
> 
> Add support for matching by security label (e.g. SELinux context) of
> the sender of an user-space audit record.
> 
> The audit filter code already allows user space to configure such
> filters, but they were ignored during evaluation.  This patch implements
> evaluation of these filters.
> 
> For example, after application of this patch, PAM authentication logs
> caused by cron can be disabled using
> 	auditctl -a user,never -F subj_type=crond_t
> 
> Signed-off-by: Miloslav Trmac <mitr@...hat.com>

I wish there was a way to stop sending these instead of dropping them
later, but the functionality itself is not a horrid idea and this isn't
a performance hot list (like the syscall list)  so.....

Acked-by: Eric Paris <eparis@...hat.com>

(I actually talked to Al about it already and he'll queue it up for the
next merge window)

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists