[GIT PULL] Audit patches for v5.3

From: Paul Moore
Date: Tue Jul 02 2019 - 13:28:48 EST

Hi Linus,

This PR is a bit early, but with some vacation time coming up I wanted
to send this out now just in case the remote Internet Gods decide not
to smile on me once the merge window opens. The patchset for v5.3 is
pretty minor this time, the highlights include:

- When the audit daemon is sent a signal, ensure we deliver
information about the sender even when syscall auditing is not

- Add the ability to filter audit records based on network address family.

- Tighten the audit field filtering restrictions on string based fields.

- Cleanup the audit field filtering verification code.

- Remove a few BUG() calls from the audit code.

Please pull this once the merge window opens,

The following changes since commit a188339ca5a396acc588e5851ed7e19f66b0ebd9:

Linux 5.2-rc1 (2019-05-19 15:47:09 -0700)

are available in the Git repository at:


for you to fetch changes up to 839d05e413856bd686a33b59294d4e8238169320:

audit: remove the BUG() calls in the audit rule comparison functions
(2019-05-30 12:53:42 -0400)

audit/stable-5.3 PR 20190702

Paul Moore (1):
audit: remove the BUG() calls in the audit rule comparison functions

Richard Guy Briggs (4):
audit: deliver signal_info regarless of syscall
audit: re-structure audit field valid checks
audit: add saddr_fam filter field
audit: enforce op for string fields

include/linux/audit.h | 9 +++++++
include/uapi/linux/audit.h | 1 +
kernel/audit.c | 27 +++++++++++++++++++++
kernel/audit.h | 8 ++++--
kernel/auditfilter.c | 62 ++++++++++++++++++++++++++---------------
kernel/auditsc.c | 42 +++++++++++++++++---------------
kernel/signal.c | 2 +-
7 files changed, 105 insertions(+), 46 deletions(-)

paul moore