[nf PATCH 2/2] netfilter: nf_tables: Audit log rule reset
Paul Moore
paul at paul-moore.com
Thu Aug 31 02:27:01 UTC 2023
On Tue, Aug 29, 2023 at 2:24 PM Phil Sutter <phil at nwl.cc> wrote:
>
> Resetting rules' stateful data happens outside of the transaction logic,
> so 'get' and 'dump' handlers have to emit audit log entries themselves.
>
> Cc: Richard Guy Briggs <rgb at redhat.com>
> Fixes: 8daa8fde3fc3f ("netfilter: nf_tables: Introduce NFT_MSG_GETRULE_RESET")
> Signed-off-by: Phil Sutter <phil at nwl.cc>
> ---
> include/linux/audit.h | 1 +
> kernel/auditsc.c | 1 +
> net/netfilter/nf_tables_api.c | 18 ++++++++++++++++++
> 3 files changed, 20 insertions(+)
See my comments in patch 1/2.
Acked-by: Paul Moore <paul at paul-moore.com>
--
paul-moore.com
More information about the Linux-audit
mailing list