| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250106.ohHi4La0ahTh@digikod.net> Date: Mon, 6 Jan 2025 15:51:53 +0100 From: Mickaël Salaün <mic@...ikod.net> To: Paul Moore <paul@...l-moore.com> Cc: Eric Paris <eparis@...hat.com>, Günther Noack <gnoack@...gle.com>, "Serge E . Hallyn" <serge@...lyn.com>, Ben Scarlato <akhna@...gle.com>, Casey Schaufler <casey@...aufler-ca.com>, Charles Zaffery <czaffery@...lox.com>, Francis Laniel <flaniel@...ux.microsoft.com>, James Morris <jmorris@...ei.org>, Jann Horn <jannh@...gle.com>, Jeff Xu <jeffxu@...gle.com>, Jorge Lucangeli Obes <jorgelo@...gle.com>, Kees Cook <kees@...nel.org>, Konstantin Meskhidze <konstantin.meskhidze@...wei.com>, Matt Bobrowski <mattbobrowski@...gle.com>, Mikhail Ivanov <ivanov.mikhail1@...wei-partners.com>, Phil Sutter <phil@....cc>, Praveen K Paladugu <prapal@...ux.microsoft.com>, Robert Salvet <robert.salvet@...lox.com>, Shervin Oloumi <enlightened@...gle.com>, Song Liu <song@...nel.org>, Tahera Fahimi <fahimitahera@...il.com>, audit@...r.kernel.org, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org Subject: Re: [PATCH v3 18/23] landlock: Log scoped denials On Sat, Jan 04, 2025 at 08:23:53PM -0500, Paul Moore wrote: > On Nov 22, 2024 =?UTF-8?q?Micka=C3=ABl=20Sala=C3=BCn?= <mic@...ikod.net> wrote: > > > > Add audit support for unix_stream_connect, unix_may_send, task_kill, and > > file_send_sigiotask hooks. > > > > Audit event sample: > > > > type=LL_DENY [...]: domain=195ba459b blockers=scope_abstract_unix_socket path=00666F6F > > Similar to 17/23, I believe the SOCKADDR record should already capture > the socket address information. This might not be the case, which is why SELinux and others explicitly log it I guess. > > It would also be nice to see an example record on a signal event. Yes, I'll add such example. > > > Cc: Günther Noack <gnoack@...gle.com> > > Cc: Tahera Fahimi <fahimitahera@...il.com> > > Signed-off-by: Mickaël Salaün <mic@...ikod.net> > > Link: https://lore.kernel.org/r/20241122143353.59367-19-mic@digikod.net > > --- > > Changes since v1: > > - New patch. > > --- > > security/landlock/audit.c | 8 ++++++ > > security/landlock/audit.h | 2 ++ > > security/landlock/task.c | 58 ++++++++++++++++++++++++++++++++++++--- > > 3 files changed, 64 insertions(+), 4 deletions(-) > > -- > paul-moore.com
Powered by blists - more mailing lists