[PATCH ghak122 v1] audit: store event sockaddr in case of no rules
Richard Guy Briggs
rgb at redhat.com
Tue Jul 14 01:08:14 UTC 2020
On 2020-07-13 20:11, Paul Moore wrote:
> On Mon, Jul 13, 2020 at 7:09 PM Casey Schaufler <casey at schaufler-ca.com> wrote:
> > ... but it does appear that I could switch to using your audit_alloc_local().
>
> In my opinion, linking the audit container ID and LSM stacking
> patchsets would seem like a very big mistake, especially since the
> consolidation you are describing could be done after the fact without
> any disruption to the kernel/userspace interface. I would strongly
> encourage both patchsets to remain self-contained if at all possible
> so as to not jeopardize each other.
I see no need to link them. The audit_alloc_local() patch could stand
on its own to be used by either patchset and doesn't need to be included
in the contid patchset. There is no mention of contid in it. Patches 8
and 11 depend on it so as long as it is already upstream that's fine.
Of course, we could send a fixup patch after both patchsets are accepted
upstream to merge the functionality of the two.
> paul moore
- RGB
--
Richard Guy Briggs <rgb at redhat.com>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635
More information about the Linux-audit
mailing list