)]}' { "log": [ { "commit": "b8800aa5d9c7e4e2869321c77b80f322a0d9663a", "tree": "27bda6447f0b2ab2eec7beafcef090da489222fa", "parents": [ "d29be158a68254f58cf1fbf60ce1e89557a321aa" ], "author": { "name": "Stephen Hemminger", "email": "shemminger@vyatta.com", "time": "Wed Oct 20 17:23:50 2010 -0700" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Oct 30 01:42:19 2010 -0400" }, "message": "audit: make functions static\n\nI was doing some namespace checks and found some simple stuff in\naudit that could be cleaned up. Make some functions static, and\nput const on make_reply payload arg.\n\nSigned-off-by: Stephen Hemminger \u003cshemminger@vyatta.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "939a67fc4cbab8ca11c90da8a769d7e965d66a9b", "tree": "973363dabb2e84aa18e0ce1bbaf794be434e3901", "parents": [ "67640b602f68332a83808426911636e9dbcc71fe" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Dec 17 20:12:06 2009 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Jul 28 09:58:19 2010 -0400" }, "message": "Audit: split audit watch Kconfig\n\nAudit watch should depend on CONFIG_AUDIT_SYSCALL and should select\nFSNOTIFY. This splits the spagetti like mixing of audit_watch and\naudit_filter code so they can be configured seperately.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "a05fb6cc573130915380e00d182a4c6571cec6b2", "tree": "c67e626c5307d89e6d7e65d0b2f9834c3591edb2", "parents": [ "e118e9c5638bbe877aa26b5cd2fd223cc24cdc8a" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Dec 17 20:12:05 2009 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Jul 28 09:58:17 2010 -0400" }, "message": "audit: do not get and put just to free a watch\n\ndeleting audit watch rules is not currently done under audit_filter_mutex.\nIt was done this way because we could not hold the mutex during inotify\nmanipulation. Since we are using fsnotify we don\u0027t need to do the extra\nget/put pair nor do we need the private list on which to store the parents\nwhile they are about to be freed.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "ae7b8f4108bcffb42173f867ce845268c7202d48", "tree": "049d357dcbffe597c77c534ea211c3efd26680e3", "parents": [ "b7ba83715317007962ee318587de92f14e9c3aaa" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Dec 17 20:12:04 2009 -0500" }, "committer": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Wed Jul 28 09:58:16 2010 -0400" }, "message": "Audit: clean up the audit_watch split\n\nNo real changes, just cleanup to the audit_watch split patch which we done\nwith minimal code changes for easy review. Now fix interfaces to make\nthings work better.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "916d75761c971b6e630a26bd4ba472e90ac9a4b9", "tree": "3a4b18d0d29c1d12f64fefbb2bc5559813a686f7", "parents": [ "9d9609851003ebed15957f0f2ce18492739ee124" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Jun 24 00:02:38 2009 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Wed Jun 24 00:02:38 2009 -0400" }, "message": "Fix rule eviction order for AUDIT_DIR\n\nIf syscall removes the root of subtree being watched, we\ndefinitely do not want the rules refering that subtree\nto be destroyed without the syscall in question having\na chance to match them.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "35fe4d0b1b12286a81938e9c5fdfaf639ac0ce5b", "tree": "c520706593fd33748944315bb87d789a7f31960e", "parents": [ "cfcad62c74abfef83762dc05a556d21bdf3980a2" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jun 11 14:31:36 2009 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jun 23 23:51:05 2009 -0400" }, "message": "Audit: move audit_get_nd completely into audit_watch\n\naudit_get_nd() is only used by audit_watch and could be more cleanly\nimplemented by having the audit watch functions call it when needed rather\nthan making the generic audit rule parsing code deal with those objects.\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "cfcad62c74abfef83762dc05a556d21bdf3980a2", "tree": "d253dbf8dfa4d31379dcd886cc1b41c69921acdd", "parents": [ "ea7ae60bfe39aeedfb29571c47280bf0067ee5f3" ], "author": { "name": "Eric Paris", "email": "eparis@redhat.com", "time": "Thu Jun 11 14:31:36 2009 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jun 23 23:50:59 2009 -0400" }, "message": "audit: seperate audit inode watches into a subfile\n\nIn preparation for converting audit to use fsnotify instead of inotify we\nseperate the inode watching code into it\u0027s own file. This is similar to\nhow the audit tree watching code is already seperated into audit_tree.c\n\nSigned-off-by: Eric Paris \u003ceparis@redhat.com\u003e\n" }, { "commit": "0590b9335a1c72a3f0defcc6231287f7817e07c8", "tree": "289fa4668ae304f79f7484ac31b2cab0ab8894c1", "parents": [ "1a9d0797b8977d413435277bf9661efbbd584693" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Dec 14 23:45:27 2008 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Jan 04 15:14:41 2009 -0500" }, "message": "fixing audit rule ordering mess, part 1\n\nProblem: ordering between the rules on exit chain is currently lost;\nall watch and inode rules are listed after everything else _and_\nexit,never on one kind doesn\u0027t stop exit,always on another from\nbeing matched.\n\nSolution: assign priorities to rules, keep track of the current\nhighest-priority matching rule and its result (always/never).\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "c782f242f0602edf848355d41e3676753c2280c8", "tree": "e7c40c0cb99b64e6874b5e9d2602ff10b9a6597b", "parents": [ "0ef1970d7fcee1b4cb33c5017803e9039bf42db2" ], "author": { "name": "Harvey Harrison", "email": "harvey.harrison@gmail.com", "time": "Sun Apr 27 02:39:17 2008 -0700" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Apr 28 06:28:04 2008 -0400" }, "message": "[PATCH 1/2] audit: move extern declarations to audit.h\n\nLeave audit_sig_{uid|pid|sid} protected by #ifdef CONFIG_AUDITSYSCALL.\n\nNoticed by sparse:\nkernel/audit.c:73:6: warning: symbol \u0027audit_ever_enabled\u0027 was not declared. Should it be static?\nkernel/audit.c:100:8: warning: symbol \u0027audit_sig_uid\u0027 was not declared. Should it be static?\nkernel/audit.c:101:8: warning: symbol \u0027audit_sig_pid\u0027 was not declared. Should it be static?\nkernel/audit.c:102:6: warning: symbol \u0027audit_sig_sid\u0027 was not declared. Should it be static?\nkernel/audit.c:117:23: warning: symbol \u0027audit_ih\u0027 was not declared. Should it be static?\nkernel/auditfilter.c:78:18: warning: symbol \u0027audit_filter_list\u0027 was not declared. Should it be static?\n\nSigned-off-by: Harvey Harrison \u003charvey.harrison@gmail.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "9d57a7f9e23dc30783d245280fc9907cf2c87837", "tree": "508b81e213f5dca1097ccf0ece8ba092b168607b", "parents": [ "d7a96f3a1ae279a2129653d6cb18d722f2f00f91" ], "author": { "name": "Ahmed S. Darwish", "email": "darwish.07@gmail.com", "time": "Sat Mar 01 22:03:14 2008 +0200" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Sat Apr 19 09:53:46 2008 +1000" }, "message": "SELinux: use new audit hooks, remove redundant exports\n\nSetup the new Audit LSM hooks for SELinux.\nRemove the now redundant exported SELinux Audit interface.\n\nAudit: Export \u0027audit_krule\u0027 and \u0027audit_field\u0027 to the public\nsince their internals are needed by the implementation of the\nnew LSM hook \u0027audit_rule_known\u0027.\n\nSigned-off-by: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nSigned-off-by: Ahmed S. Darwish \u003cdarwish.07@gmail.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "74c3cbe33bc077ac1159cadfea608b501e100344", "tree": "4c4023caa4e15d19780255fa5880df3d36eb292c", "parents": [ "455434d450a358ac5bcf3fc58f8913d13c544622" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Jul 22 08:04:18 2007 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Oct 21 02:37:45 2007 -0400" }, "message": "[PATCH] audit: watching subtrees\n\nNew kind of audit rule predicates: \"object is visible in given subtree\".\nThe part that can be sanely implemented, that is. Limitations:\n\t* if you have hardlink from outside of tree, you\u0027d better watch\nit too (or just watch the object itself, obviously)\n\t* if you mount something under a watched tree, tell audit\nthat new chunk should be added to watched subtrees\n\t* if you umount something in a watched tree and it\u0027s still mounted\nelsewhere, you will get matches on events happening there. New command\ntells audit to recalculate the trees, trimming such sources of false\npositives.\n\nNote that it\u0027s _not_ about path - if something mounted in several places\n(multiple mount, bindings, different namespaces, etc.), the match does\n_not_ depend on which one we are using for access.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "522ed7767e800cff6c650ec64b0ee0677303119c", "tree": "f65ecb29f2cf885018d3557f840de3ef4be6ec64", "parents": [ "4f27c00bf80f122513d3a5be16ed851573164534" ], "author": { "name": "Miloslav Trmac", "email": "mitr@redhat.com", "time": "Sun Jul 15 23:40:56 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Mon Jul 16 09:05:47 2007 -0700" }, "message": "Audit: add TTY input auditing\n\nAdd TTY input auditing, used to audit system administrator\u0027s actions. This is\nrequired by various security standards such as DCID 6/3 and PCI to provide\nnon-repudiation of administrator\u0027s actions and to allow a review of past\nactions if the administrator seems to overstep their duties or if the system\nbecomes misconfigured for unknown reasons. These requirements do not make it\nnecessary to audit TTY output as well.\n\nCompared to an user-space keylogger, this approach records TTY input using the\naudit subsystem, correlated with other audit events, and it is completely\ntransparent to the user-space application (e.g. the console ioctls still\nwork).\n\nTTY input auditing works on a higher level than auditing all system calls\nwithin the session, which would produce an overwhelming amount of mostly\nuseless audit events.\n\nAdd an \"audit_tty\" attribute, inherited across fork (). Data read from TTYs\nby process with the attribute is sent to the audit subsystem by the kernel.\nThe audit netlink interface is extended to allow modifying the audit_tty\nattribute, and to allow sending explanatory audit events from user-space (for\nexample, a shell might send an event containing the final command, after the\ninteractive command-line editing and history expansion is performed, which\nmight be difficult to decipher from the TTY input alone).\n\nBecause the \"audit_tty\" attribute is inherited across fork (), it would be set\ne.g. for sshd restarted within an audited session. To prevent this, the\naudit_tty attribute is cleared when a process with no open TTY file\ndescriptors (e.g. after daemon startup) opens a TTY.\n\nSee https://www.redhat.com/archives/linux-audit/2007-June/msg00000.html for a\nmore detailed rationale document for an older version of this patch.\n\n[akpm@linux-foundation.org: build fix]\nSigned-off-by: Miloslav Trmac \u003cmitr@redhat.com\u003e\nCc: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nCc: Alan Cox \u003calan@lxorguk.ukuu.org.uk\u003e\nCc: Paul Fulghum \u003cpaulkf@microgate.com\u003e\nCc: Casey Schaufler \u003ccasey@schaufler-ca.com\u003e\nCc: Steve Grubb \u003csgrubb@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "e54dc2431d740a79a6bd013babade99d71b1714f", "tree": "16b0990d5c16946239a17b332f54b5918fb03305", "parents": [ "7f13da40e36c84d0d046b7adbd060af7d3717250" ], "author": { "name": "Amy Griffis", "email": "amy.griffis@hp.com", "time": "Thu Mar 29 18:01:04 2007 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri May 11 05:38:25 2007 -0400" }, "message": "[PATCH] audit signal recipients\n\nWhen auditing syscalls that send signals, log the pid and security\ncontext for each target process. Optimize the data collection by\nadding a counter for signal-related rules, and avoiding allocating an\naux struct unless we have more than one target process. For process\ngroups, collect pid/context data in blocks of 16. Move the\naudit_signal_info() hook up in check_kill_permission() so we audit\nattempts where permission is denied.\n\nSigned-off-by: Amy Griffis \u003camy.griffis@hp.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "55669bfa141b488be865341ed12e188967d11308", "tree": "efeec37a93f46c48937eb849c083da9a42ed3709", "parents": [ "dc104fb3231f11e95b5a0f09ae3ab27a8fd5b2e8" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu Aug 31 19:26:40 2006 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Sep 11 13:32:30 2006 -0400" }, "message": "[PATCH] audit: AUDIT_PERM support\n\nadd support for AUDIT_PERM predicate\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "5adc8a6adc91c4c85a64c75a70a619fffc924817", "tree": "ace9af6bbc3cf711f43cfd88e834baeb6989ca3f", "parents": [ "9262e9149f346a5443300f8c451b8e7631e81a42" ], "author": { "name": "Amy Griffis", "email": "amy.griffis@hp.com", "time": "Wed Jun 14 18:45:21 2006 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sat Jul 01 05:43:06 2006 -0400" }, "message": "[PATCH] add rule filterkey\n\nAdd support for a rule key, which can be used to tie audit records to audit\nrules. This is useful when a watched file is accessed through a link or\nsymlink, as well as for general audit log analysis.\n\nBecause this patch uses a string key instead of an integer key, there is a bit\nof extra overhead to do the kstrdup() when a rule fires. However, we\u0027re also\nallocating memory for the audit record buffer, so it\u0027s probably not that\nsignificant. I went ahead with a string key because it seems more\nuser-friendly.\n\nNote that the user must ensure that filterkeys are unique. The kernel only\nchecks for duplicate rules.\n\nSigned-off-by: Amy Griffis \u003camy.griffis@hpd.com\u003e\n" }, { "commit": "9c937dcc71021f2dbf78f904f03d962dd9bcc130", "tree": "6ab53c1cf1235515307d521cecc4f76afa34e137", "parents": [ "6a2bceec0ea7fdc47aef9a3f2f771c201eaabe5d" ], "author": { "name": "Amy Griffis", "email": "amy.griffis@hp.com", "time": "Thu Jun 08 23:19:31 2006 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jun 20 05:25:28 2006 -0400" }, "message": "[PATCH] log more info for directory entry change events\n\nWhen an audit event involves changes to a directory entry, include\na PATH record for the directory itself. A few other notable changes:\n\n - fixed audit_inode_child() hooks in fsnotify_move()\n - removed unused flags arg from audit_inode()\n - added audit log routines for logging a portion of a string\n\nHere\u0027s some sample output.\n\nbefore patch:\ntype\u003dSYSCALL msg\u003daudit(1149821605.320:26): arch\u003d40000003 syscall\u003d39 success\u003dyes exit\u003d0 a0\u003dbf8d3c7c a1\u003d1ff a2\u003d804e1b8 a3\u003dbf8d3c7c items\u003d1 ppid\u003d739 pid\u003d800 auid\u003d0 uid\u003d0 gid\u003d0 euid\u003d0 suid\u003d0 fsuid\u003d0 egid\u003d0 sgid\u003d0 fsgid\u003d0 tty\u003dttyS0 comm\u003d\"mkdir\" exe\u003d\"/bin/mkdir\" subj\u003droot:system_r:unconfined_t:s0-s0:c0.c255\ntype\u003dCWD msg\u003daudit(1149821605.320:26): cwd\u003d\"/root\"\ntype\u003dPATH msg\u003daudit(1149821605.320:26): item\u003d0 name\u003d\"foo\" parent\u003d164068 inode\u003d164010 dev\u003d03:00 mode\u003d040755 ouid\u003d0 ogid\u003d0 rdev\u003d00:00 obj\u003droot:object_r:user_home_t:s0\n\nafter patch:\ntype\u003dSYSCALL msg\u003daudit(1149822032.332:24): arch\u003d40000003 syscall\u003d39 success\u003dyes exit\u003d0 a0\u003dbfdd9c7c a1\u003d1ff a2\u003d804e1b8 a3\u003dbfdd9c7c items\u003d2 ppid\u003d714 pid\u003d777 auid\u003d0 uid\u003d0 gid\u003d0 euid\u003d0 suid\u003d0 fsuid\u003d0 egid\u003d0 sgid\u003d0 fsgid\u003d0 tty\u003dttyS0 comm\u003d\"mkdir\" exe\u003d\"/bin/mkdir\" subj\u003droot:system_r:unconfined_t:s0-s0:c0.c255\ntype\u003dCWD msg\u003daudit(1149822032.332:24): cwd\u003d\"/root\"\ntype\u003dPATH msg\u003daudit(1149822032.332:24): item\u003d0 name\u003d\"/root\" inode\u003d164068 dev\u003d03:00 mode\u003d040750 ouid\u003d0 ogid\u003d0 rdev\u003d00:00 obj\u003droot:object_r:user_home_dir_t:s0\ntype\u003dPATH msg\u003daudit(1149822032.332:24): item\u003d1 name\u003d\"foo\" inode\u003d164010 dev\u003d03:00 mode\u003d040755 ouid\u003d0 ogid\u003d0 rdev\u003d00:00 obj\u003droot:object_r:user_home_t:s0\n\nSigned-off-by: Amy Griffis \u003camy.griffis@hp.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "f368c07d7214a7c41dfceb76c8db473b850f0229", "tree": "e3f1e2d1a6ffbe61bf99ece51b906654728db4c9", "parents": [ "20ca73bc792be9625af184cbec36e1372611d1c3" ], "author": { "name": "Amy Griffis", "email": "amy.griffis@hp.com", "time": "Fri Apr 07 16:55:56 2006 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jun 20 05:25:27 2006 -0400" }, "message": "[PATCH] audit: path-based rules\n\nIn this implementation, audit registers inotify watches on the parent\ndirectories of paths specified in audit rules. When audit\u0027s inotify\nevent handler is called, it updates any affected rules based on the\nfilesystem event. If the parent directory is renamed, removed, or its\nfilesystem is unmounted, audit removes all rules referencing that\ninotify watch.\n\nTo keep things simple, this implementation limits location-based\nauditing to the directory entries in an existing directory. Given\na path-based rule for /foo/bar/passwd, the following table applies:\n\n passwd modified -- audit event logged\n passwd replaced -- audit event logged, rules list updated\n bar renamed -- rule removed\n foo renamed -- untracked, meaning that the rule now applies to\n\t\t the new location\n\nAudit users typically want to have many rules referencing filesystem\nobjects, which can significantly impact filtering performance. This\npatch also adds an inode-number-based rule hash to mitigate this\nsituation.\n\nThe patch is relative to the audit git tree:\nhttp://kernel.org/git/?p\u003dlinux/kernel/git/viro/audit-current.git;a\u003dsummary\nand uses the inotify kernel API:\nhttp://lkml.org/lkml/2006/6/1/145\n\nSigned-off-by: Amy Griffis \u003camy.griffis@hp.com\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "e1396065e0489f98b35021b97907ab4edbfb24e1", "tree": "a276ea0a2ece9132d435adf1a1f82d0ada1ae938", "parents": [ "473ae30bc7b1dda5c5791c773f95e9424ddfead9" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Thu May 25 10:19:47 2006 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jun 20 05:25:21 2006 -0400" }, "message": "[PATCH] collect sid of those who send signals to auditd\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "9044e6bca5a4a575d3c068dfccb5651a2d6a13bc", "tree": "e0fa2beb83c3ef4e52cc6c6b28ce3173656f4276", "parents": [ "bc0f3b8ebba611291fdaa2864dbffd2d29336c64" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon May 22 01:09:24 2006 -0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Jun 20 05:25:20 2006 -0400" }, "message": "[PATCH] fix deadlocks in AUDIT_LIST/AUDIT_LIST_RULES\n\nWe should not send a pile of replies while holding audit_netlink_mutex\nsince we hold the same mutex when we receive commands. As the result,\nwe can get blocked while sending and sit there holding the mutex while\nauditctl is unable to send the next command and get around to receiving\nwhat we\u0027d sent.\n\nSolution: create skb and put them into a queue instead of sending;\nonce we are done, send what we\u0027ve got on the list. The former can\nbe done synchronously while we are handling AUDIT_LIST or AUDIT_LIST_RULES;\nwe are holding audit_netlink_mutex at that point. The latter is done\nasynchronously and without messing with audit_netlink_mutex.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "3dc7e3153eddfcf7ba8b50628775ba516e5f759f", "tree": "926957e904739fc6c29e5125b7c1635b9f77548c", "parents": [ "376bd9cb357ec945ac893feaeb63af7370a6e70b" ], "author": { "name": "Darrel Goeddel", "email": "dgoeddel@trustedcs.com", "time": "Fri Mar 10 18:14:06 2006 -0600" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon May 01 06:09:36 2006 -0400" }, "message": "[PATCH] support for context based audit filtering, part 2\n\nThis patch provides the ability to filter audit messages based on the\nelements of the process\u0027 SELinux context (user, role, type, mls sensitivity,\nand mls clearance). It uses the new interfaces from selinux to opaquely\nstore information related to the selinux context and to filter based on that\ninformation. It also uses the callback mechanism provided by selinux to\nrefresh the information when a new policy is loaded.\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "5a0bbce58bb25bd756f7ec437319d6ed2201a18b", "tree": "d8b263248c3eaece9a1c906e02c0795794f480de", "parents": [ "4023e020807ea249ae83f0d1d851b4c7cf0afd8a" ], "author": { "name": "Ingo Molnar", "email": "mingo@elte.hu", "time": "Tue Mar 07 23:51:38 2006 -0800" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Mar 20 14:08:55 2006 -0500" }, "message": "[PATCH] sem2mutex: audit_netlink_sem\n\nSemaphore to mutex conversion.\n\nThe conversion was generated via scripts, and the result was validated\nautomatically via a script as well.\n\nSigned-off-by: Ingo Molnar \u003cmingo@elte.hu\u003e\nCc: David Woodhouse \u003cdwmw2@infradead.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "93315ed6dd12dacfc941f9eb8ca0293aadf99793", "tree": "4fc070c92a1de21d3befe4ce48c733c65d044bb3", "parents": [ "af601e4623d0303bfafa54ec728b7ae8493a8e1b" ], "author": { "name": "Amy Griffis", "email": "amy.griffis@hp.com", "time": "Tue Feb 07 12:05:27 2006 -0500" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Mar 20 14:08:54 2006 -0500" }, "message": "[PATCH] audit string fields interface + consumer\n\nUpdated patch to dynamically allocate audit rule fields in kernel\u0027s\ninternal representation. Added unlikely() calls for testing memory\nallocation result.\n\nAmy Griffis wrote: [Wed Jan 11 2006, 02:02:31PM EST]\n\u003e Modify audit\u0027s kernel-userspace interface to allow the specification\n\u003e of string fields in audit rules.\n\u003e\n\u003e Signed-off-by: Amy Griffis \u003camy.griffis@hp.com\u003e\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n(cherry picked from 5ffc4a863f92351b720fe3e9c5cd647accff9e03 commit)\n" }, { "commit": "fe7752bab26a9ac0651b695ad4f55659761f68f7", "tree": "b2e516a52232c978fc824b226418d8a28460b8a8", "parents": [ "ee436dc46a762f430e37952d375a23d87735f73f" ], "author": { "name": "David Woodhouse", "email": "dwmw2@infradead.org", "time": "Thu Dec 15 18:33:52 2005 +0000" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Mon Mar 20 14:08:54 2006 -0500" }, "message": "[PATCH] Fix audit record filtering with !CONFIG_AUDITSYSCALL\n\nThis fixes the per-user and per-message-type filtering when syscall\nauditing isn\u0027t enabled.\n\n[AV: folded followup fix from the same author]\n\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" } ] }