[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20160819043629.GA5983@madcap2.tricolour.ca>
Date: Fri, 19 Aug 2016 00:36:29 -0400
From: Richard Guy Briggs <rgb@...hat.com>
To: Paul Moore <paul@...l-moore.com>
Cc: sgrubb@...hat.com, linux-audit@...hat.com,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH V3 0/3] Add support for session ID user filtering
On 2016-08-18 19:53, Paul Moore wrote:
> On Thu, Aug 18, 2016 at 1:43 PM, Richard Guy Briggs <rgb@...hat.com> wrote:
> > https://github.com/linux-audit/audit-kernel/wiki/RFE-Session-ID-User-Filter
> > RFE Session ID User Filter
> >
> > https://github.com/linux-audit/audit-kernel/issues/4
> > RFE: add a session ID filter to the kernel's user filter
> >
> > See also the set of userspace suport patches:
> > Add support for sessionid user filters, sessionid_set and loginuid_set
> > https://www.redhat.com/archives/linux-audit/2016-August/msg00005.html
> > (userspace update expected to be posted 2016-08-18)
> > and the test case:
> > https://github.com/rgbriggs/audit-testsuite/tree/ghak4-test-for-sessionID-user-filter
> >
> > This third patch is expected to have a merge conflict with:
> > "audit: add exclude filter extension to feature bitmap"
> > posted on 2016-08-18.
> >
> > Richard Guy Briggs (3):
> > audit: add support for session ID user filter
> > audit: add AUDIT_SESSIONID_SET support
> > audit: add sessionid filter extension to feature bitmap
> >
> > include/linux/audit.h | 10 ++++++++++
> > include/uapi/linux/audit.h | 6 +++++-
> > kernel/auditfilter.c | 5 +++++
> > kernel/auditsc.c | 6 ++++++
> > 4 files changed, 26 insertions(+), 1 deletions(-)
>
> These patches look fine to me; the only comment I have is that these
> should probably be combined into a single patch to avoid
> cherry-picking of individual pieces, e.g. skipping the feature bitmap
> or AUDIT_SESSION_SET support. I can do that when I merge the patches,
> no need to resend unless you really want to ...
>
> However, the bigger issue is coordination with the userspace patches.
> I really don't like merging kernel patches until Steve OK's the
> corresponding userspace patches.
Well, some thought went in to making the two behave properly in the
absence of an update of the other. This was the primary reason for the
re-spin. That part of the process is working, since it was Steve's
feedback that provoked the respin.
> paul moore
- RGB
--
Richard Guy Briggs <rgb@...hat.com>
Kernel Security Engineering, Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635
Powered by blists - more mailing lists