Re: [PATCH 0/5] Add support for sessionid user filters, sessionid_set and loginuid_set

On Tuesday, August 2, 2016 8:56:35 AM EDT Richard Guy Briggs wrote: > On 2016-08-02 08:16, Steve Grubb wrote: > > On Tuesday, August 2, 2016 5:38:56 AM EDT Richard Guy Briggs wrote: > > > Add support for sessionid, sessionid_set (first two patches) and > > > loginuid_set (and auid_set) (third patch) in user filters. The first > > > > > > two are directly related to issue "ghak4": > > > https://github.com/linux-audit/audit-kernel/issues/4 > > > https://github.com/linux-audit/audit-kernel/wiki/RFE-Session-ID-> > > > > > User-Filter > > > > > > The third is to support a kernel change from 3.10 and 3.19 to avoid > > > using in-band values to indicate the loginuid is unset. > > > > Have the above three patches been tested on old kernels? > > Not yet. How do you usually add new features to userspace to guard > against missing features from old kernels? Time to add a bit to the > kenrel audit status feature field? Yes. Otherwise you get EINVAL which doesn't let you explain what exactly is wrong with the rule.