Re: [PATCH v20 20/23] Audit: Add new record for multiple process LSM attributes

(off-list ancestor, not in this archive)
[PATCH v20 00/23] LSM: Module stacking for AppArmor · Casey Schaufler <casey@schaufler-ca.com> · 2020-08-26
[PATCH v20 01/23] LSM: Infrastructure management of the sock security · Casey Schaufler <casey@schaufler-ca.com> · 2020-08-26
[PATCH v20 02/23] LSM: Create and manage the lsmblob data structure. · Casey Schaufler <casey@schaufler-ca.com> · 2020-08-26
Re: [PATCH v20 02/23] LSM: Create and manage the lsmblob data structure. · Paul Moore <paul@paul-moore.com> · 2020-09-04
[PATCH v20 03/23] LSM: Use lsmblob in security_audit_rule_match · Casey Schaufler <casey@schaufler-ca.com> · 2020-08-26
Re: [PATCH v20 03/23] LSM: Use lsmblob in security_audit_rule_match · Paul Moore <paul@paul-moore.com> · 2020-09-04
[PATCH v20 04/23] LSM: Use lsmblob in security_kernel_act_as · Casey Schaufler <casey@schaufler-ca.com> · 2020-08-26
Re: [PATCH v20 04/23] LSM: Use lsmblob in security_kernel_act_as · Paul Moore <paul@paul-moore.com> · 2020-09-04
[PATCH v20 05/23] net: Prepare UDS for security module stacking · Casey Schaufler <casey@schaufler-ca.com> · 2020-08-26
Re: [PATCH v20 05/23] net: Prepare UDS for security module stacking · James Morris <jmorris@namei.org> · 2020-09-03
Re: [PATCH v20 05/23] net: Prepare UDS for security module stacking · Paul Moore <paul@paul-moore.com> · 2020-09-04
Re: [PATCH v20 05/23] net: Prepare UDS for security module stacking · Casey Schaufler <casey@schaufler-ca.com> · 2020-09-04
Re: [PATCH v20 05/23] net: Prepare UDS for security module stacking · Paul Moore <paul@paul-moore.com> · 2020-09-04
Re: [PATCH v20 05/23] net: Prepare UDS for security module stacking · Casey Schaufler <casey@schaufler-ca.com> · 2020-09-04
Re: [PATCH v20 05/23] net: Prepare UDS for security module stacking · Paul Moore <paul@paul-moore.com> · 2020-09-05
Re: [PATCH v20 05/23] net: Prepare UDS for security module stacking · Casey Schaufler <casey@schaufler-ca.com> · 2020-09-05
Re: [PATCH v20 05/23] net: Prepare UDS for security module stacking · John Johansen <john.johansen@canonical.com> · 2020-09-05
Re: [PATCH v20 05/23] net: Prepare UDS for security module stacking · Stephen Smalley <stephen.smalley.work@gmail.com> · 2020-09-08
Re: [PATCH v20 05/23] net: Prepare UDS for security module stacking · Stephen Smalley <stephen.smalley.work@gmail.com> · 2020-09-08
Re: [PATCH v20 05/23] net: Prepare UDS for security module stacking · Casey Schaufler <casey@schaufler-ca.com> · 2020-09-08
Re: [PATCH v20 05/23] net: Prepare UDS for security module stacking · John Johansen <john.johansen@canonical.com> · 2020-09-09
Re: [PATCH v20 05/23] net: Prepare UDS for security module stacking · Stephen Smalley <stephen.smalley.work@gmail.com> · 2020-09-09
Re: [PATCH v20 05/23] net: Prepare UDS for security module stacking · Casey Schaufler <casey@schaufler-ca.com> · 2020-09-09
Re: [PATCH v20 05/23] net: Prepare UDS for security module stacking · John Johansen <john.johansen@canonical.com> · 2020-09-09
Re: [PATCH v20 05/23] net: Prepare UDS for security module stacking · John Johansen <john.johansen@canonical.com> · 2020-09-09
Re: [PATCH v20 05/23] net: Prepare UDS for security module stacking · Paul Moore <paul@paul-moore.com> · 2020-09-10
Re: [PATCH v20 05/23] net: Prepare UDS for security module stacking · John Johansen <john.johansen@canonical.com> · 2020-09-09
[PATCH v20 06/23] LSM: Use lsmblob in security_secctx_to_secid · Casey Schaufler <casey@schaufler-ca.com> · 2020-08-26
Re: [PATCH v20 06/23] LSM: Use lsmblob in security_secctx_to_secid · Paul Moore <paul@paul-moore.com> · 2020-09-04
[PATCH v20 07/23] LSM: Use lsmblob in security_secid_to_secctx · Casey Schaufler <casey@schaufler-ca.com> · 2020-08-26
Re: [PATCH v20 07/23] LSM: Use lsmblob in security_secid_to_secctx · Paul Moore <paul@paul-moore.com> · 2020-09-04
[PATCH v20 08/23] LSM: Use lsmblob in security_ipc_getsecid · Casey Schaufler <casey@schaufler-ca.com> · 2020-08-26
Re: [PATCH v20 08/23] LSM: Use lsmblob in security_ipc_getsecid · Paul Moore <paul@paul-moore.com> · 2020-09-05
[PATCH v20 09/23] LSM: Use lsmblob in security_task_getsecid · Casey Schaufler <casey@schaufler-ca.com> · 2020-08-26
Re: [PATCH v20 09/23] LSM: Use lsmblob in security_task_getsecid · Paul Moore <paul@paul-moore.com> · 2020-09-05
[PATCH v20 10/23] LSM: Use lsmblob in security_inode_getsecid · Casey Schaufler <casey@schaufler-ca.com> · 2020-08-26
Re: [PATCH v20 10/23] LSM: Use lsmblob in security_inode_getsecid · Paul Moore <paul@paul-moore.com> · 2020-09-05
[PATCH v20 11/23] LSM: Use lsmblob in security_cred_getsecid · Casey Schaufler <casey@schaufler-ca.com> · 2020-08-26
[PATCH v20 12/23] IMA: Change internal interfaces to use lsmblobs · Casey Schaufler <casey@schaufler-ca.com> · 2020-08-26
Re: [PATCH v20 12/23] IMA: Change internal interfaces to use lsmblobs · Paul Moore <paul@paul-moore.com> · 2020-09-06
[PATCH v20 13/23] LSM: Specify which LSM to display · Casey Schaufler <casey@schaufler-ca.com> · 2020-08-26
[PATCH v20 14/23] LSM: Ensure the correct LSM context releaser · Casey Schaufler <casey@schaufler-ca.com> · 2020-08-26
Re: [PATCH v20 14/23] LSM: Ensure the correct LSM context releaser · Paul Moore <paul@paul-moore.com> · 2020-09-06
[PATCH v20 15/23] LSM: Use lsmcontext in security_secid_to_secctx · Casey Schaufler <casey@schaufler-ca.com> · 2020-08-26
[PATCH v20 16/23] LSM: Use lsmcontext in security_inode_getsecctx · Casey Schaufler <casey@schaufler-ca.com> · 2020-08-26
Re: [PATCH v20 16/23] LSM: Use lsmcontext in security_inode_getsecctx · Paul Moore <paul@paul-moore.com> · 2020-09-06
[PATCH v20 17/23] LSM: security_secid_to_secctx in netlink netfilter · Casey Schaufler <casey@schaufler-ca.com> · 2020-08-26
Re: [PATCH v20 17/23] LSM: security_secid_to_secctx in netlink netfilter · Paul Moore <paul@paul-moore.com> · 2020-09-06
Re: [PATCH v20 17/23] LSM: security_secid_to_secctx in netlink netfilter · Pablo Neira Ayuso <pablo@netfilter.org> · 2020-09-08
[PATCH v20 18/23] NET: Store LSM netlabel data in a lsmblob · Casey Schaufler <casey@schaufler-ca.com> · 2020-08-26
Re: [PATCH v20 18/23] NET: Store LSM netlabel data in a lsmblob · Paul Moore <paul@paul-moore.com> · 2020-09-06
[PATCH v20 19/23] LSM: Verify LSM display sanity in binder · Casey Schaufler <casey@schaufler-ca.com> · 2020-08-26
Re: [PATCH v20 19/23] LSM: Verify LSM display sanity in binder · Paul Moore <paul@paul-moore.com> · 2020-09-06
[PATCH v20 20/23] Audit: Add new record for multiple process LSM attributes · Casey Schaufler <casey@schaufler-ca.com> · 2020-08-26
Re: [PATCH v20 20/23] Audit: Add new record for multiple process LSM attributes · James Morris <jmorris@namei.org> · 2020-09-03
Re: [PATCH v20 20/23] Audit: Add new record for multiple process LSM attributes · John Johansen <john.johansen@canonical.com> · 2020-09-03
Re: [PATCH v20 20/23] Audit: Add new record for multiple process LSM attributes · Paul Moore <paul@paul-moore.com> · 2020-09-03
Re: [PATCH v20 20/23] Audit: Add new record for multiple process LSM attributes · Paul Moore <paul@paul-moore.com> · 2020-09-06
[PATCH v20 21/23] Audit: Add a new record for multiple object LSM attributes · Casey Schaufler <casey@schaufler-ca.com> · 2020-08-26
[PATCH v20 22/23] LSM: Add /proc attr entry for full LSM context · Casey Schaufler <casey@schaufler-ca.com> · 2020-08-26
Re: [PATCH v20 22/23] LSM: Add /proc attr entry for full LSM context · Randy Dunlap <hidden> · 2020-08-26
[PATCH v20 23/23] AppArmor: Remove the exclusive flag · Casey Schaufler <casey@schaufler-ca.com> · 2020-08-26
Re: [PATCH v20 00/23] LSM: Module stacking for AppArmor · Casey Schaufler <casey@schaufler-ca.com> · 2020-08-26

From: Paul Moore <paul@paul-moore.com>
Date: 2020-09-03 21:49:44
Also in: selinux

On Thu, Sep 3, 2020 at 12:32 PM James Morris [off-list ref] wrote:

On Wed, 26 Aug 2020, Casey Schaufler wrote:

quoted

Create a new audit record type to contain the subject information
when there are multiple security modules that require such data.
This record is linked with the same timestamp and serial number.
The record is produced only in cases where there is more than one
security module with a process "context".

Before this change the only audit events that required multiple
records were syscall events. Several non-syscall events include
subject contexts, so the use of audit_context data has been expanded
as necessary.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Cc: linux-audit@redhat.com

Paul, can you review/ack the audit changes?

I did a previous version at some point in the past, I'll take a look
at v20 tomorrow or this weekend.

-- 
paul moore
www.paul-moore.com

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help