From: Paul Moore <pcmoore@umich.edu>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: linux-audit@redhat.com, linux-kernel@vger.kernel.org
Subject: [GIT PULL] Audit patches for v5.16
Date: Mon, 1 Nov 2021 19:59:05 -0400 [thread overview]
Message-ID: <CAEtDzYQHS+j2kN3tys0QM_Myqx5BTLkkcTx6AjHEJh=zzxqY-Q@mail.gmail.com> (raw)
Hi Linus,
Here is the audit pull request for v5.16 with a note about merge
conflicts following the (very) short list of highlight(s) below.
** Highlight
- Add some additional audit logging to capture the openat2() syscall
open_how struct info. Previous variations of the open()/openat()
syscalls allowed audit admins to inspect the syscall args to get the
information contained in the new open_how struct used in openat2().
** Merge Notes
- I'm expecting three trees to add new audit record types during this
merge window: SELinux, block/device-mapper, and audit. I've already
talked with the different maintainers and there shouldn't be any
duplicated values, but I expect you will see some merge conflicts in
include/uapi/linux/audit.h; the "correct" values should end up as:
+#define AUDIT_URINGOP 1336 /* io_uring operation */
+#define AUDIT_OPENAT2 1337 /* Record showing openat2 how args */
+#define AUDIT_DM_CTRL 1338 /* Device Mapper target control */
+#define AUDIT_DM_EVENT 1339 /* Device Mapper events */
Thanks,
-Paul
--
The following changes since commit 6880fa6c56601bb8ed59df6c30fd390cc5f6dd8f:
Linux 5.15-rc1 (2021-09-12 16:28:37 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git
tags/audit-pr-20211101
for you to fetch changes up to d9516f346e8b8e9c7dd37976a06a5bde1a871d6f:
audit: return early if the filter rule has a lower priority
(2021-10-18 18:34:37 -0400)
----------------------------------------------------------------
audit/stable-5.16 PR 20211101
----------------------------------------------------------------
Cai Huoqing (1):
audit: Convert to SPDX identifier
Christophe Leroy (1):
audit: rename struct node to struct audit_node to prevent future name
collisions
Gaosheng Cui (1):
audit: return early if the filter rule has a lower priority
Ondrej Mosnacek (1):
lsm_audit: avoid overloading the "key" audit field
Richard Guy Briggs (3):
audit: replace magic audit syscall class numbers with macros
audit: add support for the openat2 syscall
audit: add OPENAT2 record to list "how" info
MAINTAINERS | 1 +
arch/alpha/kernel/audit.c | 10 +++++---
arch/ia64/kernel/audit.c | 10 +++++---
arch/parisc/kernel/audit.c | 10 +++++---
arch/parisc/kernel/compat_audit.c | 11 +++++---
arch/powerpc/kernel/audit.c | 12 +++++----
arch/powerpc/kernel/compat_audit.c | 13 ++++++----
arch/s390/kernel/audit.c | 12 +++++----
arch/s390/kernel/compat_audit.c | 13 ++++++----
arch/sparc/kernel/audit.c | 12 +++++----
arch/sparc/kernel/compat_audit.c | 13 ++++++----
arch/x86/ia32/audit.c | 13 ++++++----
arch/x86/kernel/audit_64.c | 10 +++++---
fs/open.c | 2 ++
include/linux/audit.h | 11 ++++++++
include/linux/audit_arch.h | 24 ++++++++++++++++++
include/uapi/linux/audit.h | 1 +
kernel/audit.h | 2 ++
kernel/audit_tree.c | 20 +++++++--------
kernel/auditsc.c | 51 +++++++++++++++++++-------------
lib/audit.c | 14 +++++++----
lib/compat_audit.c | 15 +++++++----
security/lsm_audit.c | 2 +-
23 files changed, 184 insertions(+), 98 deletions(-)
create mode 100644 include/linux/audit_arch.h
--
paul moore
www.paul-moore.com
--
Linux-audit mailing list
Linux-audit@redhat.com
https://listman.redhat.com/mailman/listinfo/linux-audit
next reply other threads:[~2021-11-02 12:50 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-01 23:59 Paul Moore [this message]
2021-11-02 4:21 ` [GIT PULL] Audit patches for v5.16 pr-tracker-bot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAEtDzYQHS+j2kN3tys0QM_Myqx5BTLkkcTx6AjHEJh=zzxqY-Q@mail.gmail.com' \
--to=pcmoore@umich.edu \
--cc=linux-audit@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).