[PATCH] audit: suppress stock memalloc failure warnings since already managed
by Richard Guy Briggs
Supress the stock memory allocation failure warnings for audit buffers
since audit alreay takes care of memory allocation failure warnings, including
rate-limiting, in audit_log_start().
Signed-off-by: Richard Guy Briggs <rgb(a)redhat.com>
---
security/lsm_audit.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/security/lsm_audit.c b/security/lsm_audit.c
index 8d8d97d..b0f249d 100644
--- a/security/lsm_audit.c
+++ b/security/lsm_audit.c
@@ -396,7 +396,8 @@ void common_lsm_audit(struct common_audit_data *a,
if (a == NULL)
return;
/* we use GFP_ATOMIC so we won't sleep */
- ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_AVC);
+ ab = audit_log_start(current->audit_context, GFP_ATOMIC | __GFP_NOWARN,
+ AUDIT_AVC);
if (ab == NULL)
return;
--
1.7.1
11 years, 2 months
audit + php-fpm
by ja ja
Auditd can't catch changes make by php-fpm, when I use bash everything
works fine but when I use script like this :
<?php
mkdir('kat123');
?>
audit.log show nothing
This is my audit.rules :
-a exit,never -F dir=/var/www/temp/
-a exit,always -F dir=/var/www/ -F perm=wa -k www
How does PHP-FPM alter a file and escape detection by auditd? Is this
auditd bug.
11 years, 2 months
[PATCH 0/2] netlink related fixes
by Mathias Krause
This series fixes two issues of the netlink interface -- one info leak
and a wrong size check.
Please apply!
Mathias Krause (2):
audit: fix info leak in AUDIT_GET requests
audit: use nlmsg_len() to get message payload length
kernel/audit.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--
1.7.10.4
11 years, 2 months
[Fwd: [PATCH] audit: remove duplicate inclusion of the netlink header]
by Eric Paris
Forwarding message accidentally sent only to me to the list. I have not
reviewed this patch.
-------- Forwarded Message --------
> From: Matvejchikov Ilya <matvejchikov(a)gmail.com>
> Reply-to: matvejchikov(a)gmail.com
> To: eparis(a)redhat.com
> Subject: [PATCH] audit: remove duplicate inclusion of the netlink
> header
> Date: Sun, 29 Sep 2013 15:55:17 +0400
>
>
>
11 years, 2 months
