On Tue, Aug 29, 2023 at 2:24 PM Phil Sutter <phil(a)nwl.cc> wrote:

Resetting rules' stateful data happens outside of the transaction logic,
so 'get' and 'dump' handlers have to emit audit log entries themselves.

Cc: Richard Guy Briggs <rgb(a)redhat.com>
Fixes: 8daa8fde3fc3f ("netfilter: nf_tables: Introduce NFT_MSG_GETRULE_RESET")
Signed-off-by: Phil Sutter <phil(a)nwl.cc>
---
include/linux/audit.h | 1 +
kernel/auditsc.c | 1 +
net/netfilter/nf_tables_api.c | 18 ++++++++++++++++++
3 files changed, 20 insertions(+)

See my comments in patch 1/2.

Acked-by: Paul Moore <paul(a)paul-moore.com>

--
paul-moore.com