Hi Linus,
We've got an audit fix, and unfortunately it is two things I don't
like: big and based on a -rcX tag. The size of the patch is
(hopefully) explained well in the patch description, the -rcX base is
to get access to code not present in the v4.11 pull request
(audit/next is still based off v4.8; I'll be updating soon). While
I'm not excited that we need to be sending you something this large
during the -rcX phase, it does fix some very real, and very tangled,
problems relating to locking, backlog queues, and the audit daemon
connection.
This code has passed our testsuite without problem and it has held up
to my ad-hoc stress tests (arguably better than the existing code),
please consider pulling this as fix for the next v4.11-rcX tag.
Thanks,
-Paul
---
The following changes since commit 97da3854c526d3a6ee05c849c96e48d21527606c:
Linux 4.11-rc3 (2017-03-19 19:09:39 -0700)
are available in the git repository at:
git://git.infradead.org/users/pcmoore/audit stable-4.11
for you to fetch changes up to 5b52330bbfe63b3305765354d6046c9f7f89c011:
audit: fix auditd/kernel connection state tracking (2017-03-21 11:26:35 -0400)
----------------------------------------------------------------
Paul Moore (1):
audit: fix auditd/kernel connection state tracking
kernel/audit.c | 639 ++++++++++++++++++++++++++++++++++---------------------
kernel/audit.h | 9 +-
kernel/auditsc.c | 6 +-
3 files changed, 399 insertions(+), 255 deletions(-)
It would appear that I left off the magic "[GIT PULL]" subject prefix
in my last message. I suppose this is one more reason why one
shouldn't send pull requests past 5:00p on a Friday.
--
paul moore
security @ redhat