Re: [PATCH v3] IMA: Add audit log for failure conditions

From: Lakshmi Ramasubramanian
Date: Tue Jun 09 2020 - 14:03:36 EST

Next message: Greg Kroah-Hartman: "[PATCH 5.4 28/34] x86/cpu: Add a steppings field to struct x86_cpu_id"
Previous message: Greg Kroah-Hartman: "[PATCH 4.19 07/25] net: check untrusted gso_size at kernel entry"
In reply to: Steve Grubb: "Re: [PATCH v3] IMA: Add audit log for failure conditions"
Next in thread: Mimi Zohar: "Re: [PATCH v3] IMA: Add audit log for failure conditions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 6/9/20 10:35 AM, Steve Grubb wrote:

If it is added, it should be appended to the end of the record since it
is an existing record format, then in the case of res=1, errno= should
still be present (not swing in and out) and just contain zero. (Or
another value if there is a non-fatal warning?)

This is not a searchable field, so it can go anywhere. If it is searchable,
ausearch expects ordering of other searchable fields.

Thank you for the clarification Steve.

I'll add "errno=" right after "cause=".

Also, "errno" will always be present - will be set to 0 if status is "success" (res=1) and a non-zero value for failure (res=0)

thanks,
-lakshmi

Next message: Greg Kroah-Hartman: "[PATCH 5.4 28/34] x86/cpu: Add a steppings field to struct x86_cpu_id"
Previous message: Greg Kroah-Hartman: "[PATCH 4.19 07/25] net: check untrusted gso_size at kernel entry"
In reply to: Steve Grubb: "Re: [PATCH v3] IMA: Add audit log for failure conditions"
Next in thread: Mimi Zohar: "Re: [PATCH v3] IMA: Add audit log for failure conditions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]