On Thu, Nov 21, 2019 at 06:41:31PM -0500, Paul Moore wrote:
SNIP

> a common requirement for new audit functionality (link below).  I'm
> also fairly certain we don't want this new BPF record to look like how
> you've coded it up in bpf_audit_prog(); duplicating the fields with
> audit_log_task() is wrong, you've either already got them via an
> associated record (which you get from passing non-NULL as the first
> parameter to audit_log_start()), or you don't because there is no
> associated syscall/task (which you get from passing NULL as the first
> parameter).  Please revert, un-merge, etc. this patch from bpf-next;
> it should not go into Linus' tree as written.

ok, I'll send change that reflects this.. together with the test

thanks,
jirka

> Audit userspace PR:
> * https://github.com/linux-audit/audit-userspace/pull/104
>
> Audit test suite:
> * https://github.com/linux-audit/audit-testsuite
>
> Audit folks, here is a link to the thread in the archives:
> * https://lore.kernel.org/bpf/20191120213816.8186-1-jolsa@kernel.org/T/#u
>
> --
> paul moore
> www.paul-moore.com