[PATCH] bpf: emit audit messages upon successful prog load and unload
Jiri Olsa
jolsa at redhat.com
Fri Nov 22 09:35:55 UTC 2019
On Thu, Nov 21, 2019 at 06:41:31PM -0500, Paul Moore wrote:
SNIP
> a common requirement for new audit functionality (link below). I'm
> also fairly certain we don't want this new BPF record to look like how
> you've coded it up in bpf_audit_prog(); duplicating the fields with
> audit_log_task() is wrong, you've either already got them via an
> associated record (which you get from passing non-NULL as the first
> parameter to audit_log_start()), or you don't because there is no
> associated syscall/task (which you get from passing NULL as the first
ok, I'll send change that reflects this.. together with the test
thanks,
jirka
> parameter). Please revert, un-merge, etc. this patch from bpf-next;
> it should not go into Linus' tree as written.
>
> Audit userspace PR:
> * https://github.com/linux-audit/audit-userspace/pull/104
>
> Audit test suite:
> * https://github.com/linux-audit/audit-testsuite
>
> Audit folks, here is a link to the thread in the archives:
> * https://lore.kernel.org/bpf/20191120213816.8186-1-jolsa@kernel.org/T/#u
>
> --
> paul moore
> www.paul-moore.com
>
More information about the Linux-audit
mailing list