| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAHC9VhQ44G1oXLHTf7FmqwzYBRNW=5EPHod1uMTLhaY3sK_Qeg@mail.gmail.com>
Date: Tue, 3 May 2022 12:57:21 -0400
From: Paul Moore <paul@...l-moore.com>
To: Sven Schnelle <svens@...ux.ibm.com>
Cc: Eric Paris <eparis@...hat.com>, linux-audit@...hat.com,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/2] audit: add filterkey to special audit messages
On Tue, May 3, 2022 at 5:02 AM Sven Schnelle <svens@...ux.ibm.com> wrote:
>
> For automated filtering/testing it is useful to have the
> filter key logged in the message.
>
> Signed-off-by: Sven Schnelle <svens@...ux.ibm.com>
> ---
> kernel/auditsc.c | 1 +
> 1 file changed, 1 insertion(+)
The SOCKETCALL record, along with all of the others generated inside
show_special(), are associated with a SYSCALL record which carries the
"key=" field. As a general rule we try very hard not to duplicate
fields across records in a single audit event.
> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> index c856893041c9..2e349660a56f 100644
> --- a/kernel/auditsc.c
> +++ b/kernel/auditsc.c
> @@ -1508,6 +1508,7 @@ static void show_special(struct audit_context *context, int *call_panic)
> audit_log_time(context, &ab);
> break;
> }
> + audit_log_key(ab, context->filterkey);
> audit_log_end(ab);
> }
>
> --
> 2.32.0
--
paul-moore.com
Powered by blists - more mailing lists