| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAEtDzYQHS+j2kN3tys0QM_Myqx5BTLkkcTx6AjHEJh=zzxqY-Q@mail.gmail.com>
Date: Mon, 1 Nov 2021 19:59:05 -0400
From: Paul Moore <pcmoore@...ch.edu>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: linux-audit@...hat.com, linux-kernel@...r.kernel.org
Subject: [GIT PULL] Audit patches for v5.16
Hi Linus,
Here is the audit pull request for v5.16 with a note about merge
conflicts following the (very) short list of highlight(s) below.
** Highlight
- Add some additional audit logging to capture the openat2() syscall
open_how struct info. Previous variations of the open()/openat()
syscalls allowed audit admins to inspect the syscall args to get the
information contained in the new open_how struct used in openat2().
** Merge Notes
- I'm expecting three trees to add new audit record types during this
merge window: SELinux, block/device-mapper, and audit. I've already
talked with the different maintainers and there shouldn't be any
duplicated values, but I expect you will see some merge conflicts in
include/uapi/linux/audit.h; the "correct" values should end up as:
+#define AUDIT_URINGOP 1336 /* io_uring operation */
+#define AUDIT_OPENAT2 1337 /* Record showing openat2 how args */
+#define AUDIT_DM_CTRL 1338 /* Device Mapper target control */
+#define AUDIT_DM_EVENT 1339 /* Device Mapper events */
Thanks,
-Paul
--
The following changes since commit 6880fa6c56601bb8ed59df6c30fd390cc5f6dd8f:
Linux 5.15-rc1 (2021-09-12 16:28:37 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git
tags/audit-pr-20211101
for you to fetch changes up to d9516f346e8b8e9c7dd37976a06a5bde1a871d6f:
audit: return early if the filter rule has a lower priority
(2021-10-18 18:34:37 -0400)
----------------------------------------------------------------
audit/stable-5.16 PR 20211101
----------------------------------------------------------------
Cai Huoqing (1):
audit: Convert to SPDX identifier
Christophe Leroy (1):
audit: rename struct node to struct audit_node to prevent future name
collisions
Gaosheng Cui (1):
audit: return early if the filter rule has a lower priority
Ondrej Mosnacek (1):
lsm_audit: avoid overloading the "key" audit field
Richard Guy Briggs (3):
audit: replace magic audit syscall class numbers with macros
audit: add support for the openat2 syscall
audit: add OPENAT2 record to list "how" info
MAINTAINERS | 1 +
arch/alpha/kernel/audit.c | 10 +++++---
arch/ia64/kernel/audit.c | 10 +++++---
arch/parisc/kernel/audit.c | 10 +++++---
arch/parisc/kernel/compat_audit.c | 11 +++++---
arch/powerpc/kernel/audit.c | 12 +++++----
arch/powerpc/kernel/compat_audit.c | 13 ++++++----
arch/s390/kernel/audit.c | 12 +++++----
arch/s390/kernel/compat_audit.c | 13 ++++++----
arch/sparc/kernel/audit.c | 12 +++++----
arch/sparc/kernel/compat_audit.c | 13 ++++++----
arch/x86/ia32/audit.c | 13 ++++++----
arch/x86/kernel/audit_64.c | 10 +++++---
fs/open.c | 2 ++
include/linux/audit.h | 11 ++++++++
include/linux/audit_arch.h | 24 ++++++++++++++++++
include/uapi/linux/audit.h | 1 +
kernel/audit.h | 2 ++
kernel/audit_tree.c | 20 +++++++--------
kernel/auditsc.c | 51 +++++++++++++++++++-------------
lib/audit.c | 14 +++++++----
lib/compat_audit.c | 15 +++++++----
security/lsm_audit.c | 2 +-
23 files changed, 184 insertions(+), 98 deletions(-)
create mode 100644 include/linux/audit_arch.h
--
paul moore
www.paul-moore.com
Powered by blists - more mailing lists