[PATCH ghak59 V3 0/4] audit: config_change normalizations and event record gathering

Paul Moore paul at paul-moore.com
Wed Dec 12 12:57:41 UTC 2018


On Tue, Dec 11, 2018 at 9:45 PM Richard Guy Briggs <rgb at redhat.com> wrote:
> On 2018-12-11 18:26, Paul Moore wrote:
> > On Tue, Dec 11, 2018 at 5:41 PM Richard Guy Briggs <rgb at redhat.com> wrote:
> > > On 2018-12-11 17:31, Paul Moore wrote:
> > > > On Mon, Dec 10, 2018 at 5:18 PM Richard Guy Briggs <rgb at redhat.com> wrote:
> >
> > ...
> >
> > > > > Richard Guy Briggs (4):
> > > > >   audit: give a clue what CONFIG_CHANGE op was involved
> > > > >   audit: add syscall information to CONFIG_CHANGE records
> > > > >   audit: hand taken context to audit_kill_trees for syscall logging
> > > > >   audit: extend config_change mark/watch/tree rule changes
> > > > >
> > > > >  kernel/audit.c          | 33 +++++++++++++++++++++++----------
> > > > >  kernel/audit.h          |  4 ++--
> > > > >  kernel/audit_fsnotify.c |  4 ++--
> > > > >  kernel/audit_tree.c     | 28 +++++++++++++++-------------
> > > > >  kernel/audit_watch.c    |  8 +++++---
> > > > >  kernel/auditfilter.c    |  2 +-
> > > > >  kernel/auditsc.c        | 12 ++++++------
> > > > >  7 files changed, 54 insertions(+), 37 deletions(-)
> > > >
> > > > In order to make sure expectations are set appropriately, as we are at
> > > > -rc6 right now this is not something that would go into audit/next now
> > > > (assuming everything looks okay on review), it would go into
> > > > audit/next *after* the upcoming merge window.
> > >
> > > I agree it is a bit late for this.  I wasn't expecting it to go in this
> > > one.  I'm filling the queue since I'm blocked on other review for
> > > ghak81(5.5wks), ghak90(5.5wks), ghak100(3.5wks).  ghak90 missed another
> > > merge window.
> >
> > As discussed previously, GHAK81
> > (https://github.com/linux-audit/audit-kernel/issues/81) is something
> > that I consider part of the audit container ID work (GHAK90).  I
> > believe it's time to stop treating it as a separate issue.
>
> Fine by me.  It was included in the ghak90 patchset this time and still
> is in v5, waiting to get the questions replied to that arose out of the
> review of v4 around Hallowe'en.

If you knew ([1]) I didn't want GHAK81 treated as a separate issue,
but instead included as part of GHAK90, why did you bother separating
it out in your latest nag emails?

[1] I didn't feel like digging through my sent mail to find out when we
discussed this last so I could include a passive aggressive date, that
exercise is left to the reader.  I'm sure you'll understand.

--
paul moore
www.paul-moore.com



