Re: [PATCH v32 24/28] Audit: Add framework for auxiliary records

(off-list ancestor, not in this archive)
[PATCH v32 00/28] LSM: Module stacking for AppArmor · Casey Schaufler <casey@schaufler-ca.com> · 2022-02-02
[PATCH v32 01/28] integrity: disassociate ima_filter_rule from security_audit_rule · Casey Schaufler <casey@schaufler-ca.com> · 2022-02-02
[PATCH v32 02/28] LSM: Infrastructure management of the sock security · Casey Schaufler <casey@schaufler-ca.com> · 2022-02-02
[PATCH v32 03/28] LSM: Add the lsmblob data structure. · Casey Schaufler <casey@schaufler-ca.com> · 2022-02-02
Re: [PATCH v32 03/28] LSM: Add the lsmblob data structure. · Mickaël Salaün <mic@digikod.net> · 2022-03-04
Re: [PATCH v32 03/28] LSM: Add the lsmblob data structure. · Casey Schaufler <casey@schaufler-ca.com> · 2022-03-04
[PATCH v32 04/28] LSM: provide lsm name and id slot mappings · Casey Schaufler <casey@schaufler-ca.com> · 2022-02-02
[PATCH v32 05/28] IMA: avoid label collisions with stacked LSMs · Casey Schaufler <casey@schaufler-ca.com> · 2022-02-02
[PATCH v32 06/28] LSM: Use lsmblob in security_audit_rule_match · Casey Schaufler <casey@schaufler-ca.com> · 2022-02-03
[PATCH v32 07/28] LSM: Use lsmblob in security_kernel_act_as · Casey Schaufler <casey@schaufler-ca.com> · 2022-02-03
[PATCH v32 08/28] LSM: Use lsmblob in security_secctx_to_secid · Casey Schaufler <casey@schaufler-ca.com> · 2022-02-03
[PATCH v32 09/28] LSM: Use lsmblob in security_secid_to_secctx · Casey Schaufler <casey@schaufler-ca.com> · 2022-02-03
[PATCH v32 10/28] LSM: Use lsmblob in security_ipc_getsecid · Casey Schaufler <casey@schaufler-ca.com> · 2022-02-03
[PATCH v32 11/28] LSM: Use lsmblob in security_current_getsecid · Casey Schaufler <casey@schaufler-ca.com> · 2022-02-03
[PATCH v32 12/28] LSM: Use lsmblob in security_inode_getsecid · Casey Schaufler <casey@schaufler-ca.com> · 2022-02-03
[PATCH v32 13/28] LSM: Use lsmblob in security_cred_getsecid · Casey Schaufler <casey@schaufler-ca.com> · 2022-02-03
[PATCH v32 14/28] LSM: Specify which LSM to display · Casey Schaufler <casey@schaufler-ca.com> · 2022-02-03
[PATCH v32 15/28] LSM: Ensure the correct LSM context releaser · Casey Schaufler <casey@schaufler-ca.com> · 2022-02-03
[PATCH v32 16/28] LSM: Use lsmcontext in security_secid_to_secctx · Casey Schaufler <casey@schaufler-ca.com> · 2022-02-03
[PATCH v32 17/28] LSM: Use lsmcontext in security_inode_getsecctx · Casey Schaufler <casey@schaufler-ca.com> · 2022-02-03
[PATCH v32 18/28] LSM: security_secid_to_secctx in netlink netfilter · Casey Schaufler <casey@schaufler-ca.com> · 2022-02-03
[PATCH v32 19/28] NET: Store LSM netlabel data in a lsmblob · Casey Schaufler <casey@schaufler-ca.com> · 2022-02-03
[PATCH v32 20/28] binder: Pass LSM identifier for confirmation · Casey Schaufler <casey@schaufler-ca.com> · 2022-02-03
[PATCH v32 21/28] LSM: Extend security_secid_to_secctx to include module selection · Casey Schaufler <casey@schaufler-ca.com> · 2022-02-03
[PATCH v32 22/28] Audit: Keep multiple LSM data in audit_names · Casey Schaufler <casey@schaufler-ca.com> · 2022-02-03
[PATCH v32 23/28] Audit: Create audit_stamp structure · Casey Schaufler <casey@schaufler-ca.com> · 2022-02-03
[PATCH v32 24/28] Audit: Add framework for auxiliary records · Casey Schaufler <casey@schaufler-ca.com> · 2022-02-03
Re: [PATCH v32 24/28] Audit: Add framework for auxiliary records · Casey Schaufler <casey@schaufler-ca.com> · 2022-03-02
Re: [PATCH v32 24/28] Audit: Add framework for auxiliary records · Paul Moore <paul@paul-moore.com> · 2022-03-03
Re: [PATCH v32 24/28] Audit: Add framework for auxiliary records · Casey Schaufler <casey@schaufler-ca.com> · 2022-03-03
Re: [PATCH v32 24/28] Audit: Add framework for auxiliary records · Paul Moore <paul@paul-moore.com> · 2022-03-03
Re: [PATCH v32 24/28] Audit: Add framework for auxiliary records · Casey Schaufler <casey@schaufler-ca.com> · 2022-03-03
Re: [PATCH v32 24/28] Audit: Add framework for auxiliary records · Paul Moore <paul@paul-moore.com> · 2022-03-03
Re: [PATCH v32 24/28] Audit: Add framework for auxiliary records · Casey Schaufler <casey@schaufler-ca.com> · 2022-03-04
Re: [PATCH v32 24/28] Audit: Add framework for auxiliary records · Paul Moore <paul@paul-moore.com> · 2022-03-04
[PATCH v32 25/28] Audit: Add record for multiple task security contexts · Casey Schaufler <casey@schaufler-ca.com> · 2022-02-03
[PATCH v32 26/28] Audit: Add record for multiple object security contexts · Casey Schaufler <casey@schaufler-ca.com> · 2022-02-03
Re: [PATCH v32 26/28] Audit: Add record for multiple object security contexts · Paul Moore <paul@paul-moore.com> · 2022-03-03
Re: [PATCH v32 26/28] Audit: Add record for multiple object security contexts · Casey Schaufler <casey@schaufler-ca.com> · 2022-03-04
[PATCH v32 27/28] LSM: Add /proc attr entry for full LSM context · Casey Schaufler <casey@schaufler-ca.com> · 2022-02-03
[PATCH v32 28/28] AppArmor: Remove the exclusive flag · Casey Schaufler <casey@schaufler-ca.com> · 2022-02-03

From: Paul Moore <paul@paul-moore.com>
Date: 2022-03-03 22:27:39
Also in: selinux

On Wed, Mar 2, 2022 at 5:32 PM Casey Schaufler [off-list ref] wrote:

On 2/2/2022 3:53 PM, Casey Schaufler wrote:

quoted

Add a list for auxiliary record data to the audit_buffer structure.
Add the audit_stamp information to the audit_buffer as there's no
guarantee that there will be an audit_context containing the stamp
associated with the event. At audit_log_end() time create auxiliary
records (none are currently defined) as have been added to the list.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>

I'm really hoping for either Acks or feedback on this approach.

The only callers that make use of this functionality in this patchset
is in kernel/audit*.c in patches 25/28 and 26/28, yes?

-- 
paul-moore.com

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help