lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 19 Aug 2016 00:36:29 -0400
From:   Richard Guy Briggs <rgb@...hat.com>
To:     Paul Moore <paul@...l-moore.com>
Cc:     sgrubb@...hat.com, linux-audit@...hat.com,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH V3 0/3] Add support for session ID user filtering

On 2016-08-18 19:53, Paul Moore wrote:
> On Thu, Aug 18, 2016 at 1:43 PM, Richard Guy Briggs <rgb@...hat.com> wrote:
> > https://github.com/linux-audit/audit-kernel/wiki/RFE-Session-ID-User-Filter
> > RFE Session ID User Filter
> >
> > https://github.com/linux-audit/audit-kernel/issues/4
> > RFE: add a session ID filter to the kernel's user filter
> >
> > See also the set of userspace suport patches:
> >         Add support for sessionid user filters, sessionid_set and loginuid_set
> >         https://www.redhat.com/archives/linux-audit/2016-August/msg00005.html
> >         (userspace update expected to be posted 2016-08-18)
> > and the test case:
> >         https://github.com/rgbriggs/audit-testsuite/tree/ghak4-test-for-sessionID-user-filter
> >
> > This third patch is expected to have a merge conflict with:
> >         "audit: add exclude filter extension to feature bitmap"
> > posted on 2016-08-18.
> >
> > Richard Guy Briggs (3):
> >   audit: add support for session ID user filter
> >   audit: add AUDIT_SESSIONID_SET support
> >   audit: add sessionid filter extension to feature bitmap
> >
> >  include/linux/audit.h      |   10 ++++++++++
> >  include/uapi/linux/audit.h |    6 +++++-
> >  kernel/auditfilter.c       |    5 +++++
> >  kernel/auditsc.c           |    6 ++++++
> >  4 files changed, 26 insertions(+), 1 deletions(-)
> 
> These patches look fine to me; the only comment I have is that these
> should probably be combined into a single patch to avoid
> cherry-picking of individual pieces, e.g. skipping the feature bitmap
> or AUDIT_SESSION_SET support.  I can do that when I merge the patches,
> no need to resend unless you really want to ...
> 
> However, the bigger issue is coordination with the userspace patches.
> I really don't like merging kernel patches until Steve OK's the
> corresponding userspace patches.

Well, some thought went in to making the two behave properly in the
absence of an update of the other.  This was the primary reason for the
re-spin.  That part of the process is working, since it was Steve's
feedback that provoked the respin.

> paul moore

- RGB

--
Richard Guy Briggs <rgb@...hat.com>
Kernel Security Engineering, Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ