[GIT PULL] Audit patches for v5.16

From: Paul Moore <pcmoore@umich.edu>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: linux-audit@redhat.com, linux-kernel@vger.kernel.org
Subject: [GIT PULL] Audit patches for v5.16
Date: Mon, 1 Nov 2021 19:59:05 -0400	[thread overview]
Message-ID: <CAEtDzYQHS+j2kN3tys0QM_Myqx5BTLkkcTx6AjHEJh=zzxqY-Q@mail.gmail.com> (raw)

Hi Linus,

Here is the audit pull request for v5.16 with a note about merge
conflicts following the (very) short list of highlight(s) below.

** Highlight

- Add some additional audit logging to capture the openat2() syscall
open_how struct info.  Previous variations of the open()/openat()
syscalls allowed audit admins to inspect the syscall args to get the
information contained in the new open_how struct used in openat2().

** Merge Notes

- I'm expecting three trees to add new audit record types during this
merge window: SELinux, block/device-mapper, and audit.  I've already
talked with the different maintainers and there shouldn't be any
duplicated values, but I expect you will see some merge conflicts in
include/uapi/linux/audit.h; the "correct" values should end up as:

  +#define AUDIT_URINGOP   1336 /* io_uring operation */
  +#define AUDIT_OPENAT2   1337 /* Record showing openat2 how args */
  +#define AUDIT_DM_CTRL   1338 /* Device Mapper target control */
  +#define AUDIT_DM_EVENT  1339 /* Device Mapper events */

Thanks,
-Paul

--
The following changes since commit 6880fa6c56601bb8ed59df6c30fd390cc5f6dd8f:

 Linux 5.15-rc1 (2021-09-12 16:28:37 -0700)

are available in the Git repository at:

 git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git
   tags/audit-pr-20211101

for you to fetch changes up to d9516f346e8b8e9c7dd37976a06a5bde1a871d6f:

 audit: return early if the filter rule has a lower priority
   (2021-10-18 18:34:37 -0400)

----------------------------------------------------------------
audit/stable-5.16 PR 20211101

----------------------------------------------------------------
Cai Huoqing (1):
     audit: Convert to SPDX identifier

Christophe Leroy (1):
     audit: rename struct node to struct audit_node to prevent future name
            collisions

Gaosheng Cui (1):
     audit: return early if the filter rule has a lower priority

Ondrej Mosnacek (1):
     lsm_audit: avoid overloading the "key" audit field

Richard Guy Briggs (3):
     audit: replace magic audit syscall class numbers with macros
     audit: add support for the openat2 syscall
     audit: add OPENAT2 record to list "how" info

MAINTAINERS                        |  1 +
arch/alpha/kernel/audit.c          | 10 +++++---
arch/ia64/kernel/audit.c           | 10 +++++---
arch/parisc/kernel/audit.c         | 10 +++++---
arch/parisc/kernel/compat_audit.c  | 11 +++++---
arch/powerpc/kernel/audit.c        | 12 +++++----
arch/powerpc/kernel/compat_audit.c | 13 ++++++----
arch/s390/kernel/audit.c           | 12 +++++----
arch/s390/kernel/compat_audit.c    | 13 ++++++----
arch/sparc/kernel/audit.c          | 12 +++++----
arch/sparc/kernel/compat_audit.c   | 13 ++++++----
arch/x86/ia32/audit.c              | 13 ++++++----
arch/x86/kernel/audit_64.c         | 10 +++++---
fs/open.c                          |  2 ++
include/linux/audit.h              | 11 ++++++++
include/linux/audit_arch.h         | 24 ++++++++++++++++++
include/uapi/linux/audit.h         |  1 +
kernel/audit.h                     |  2 ++
kernel/audit_tree.c                | 20 +++++++--------
kernel/auditsc.c                   | 51 +++++++++++++++++++-------------
lib/audit.c                        | 14 +++++++----
lib/compat_audit.c                 | 15 +++++++----
security/lsm_audit.c               |  2 +-
23 files changed, 184 insertions(+), 98 deletions(-)
create mode 100644 include/linux/audit_arch.h

-- 
paul moore
www.paul-moore.com

--
Linux-audit mailing list
Linux-audit@redhat.com
https://listman.redhat.com/mailman/listinfo/linux-audit