• Linus Torvalds's avatar
    Merge tag 'audit-pr-20180605' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit · 8b5c6a3a
    Linus Torvalds authored
    Pull audit updates from Paul Moore:
     "Another reasonable chunk of audit changes for v4.18, thirteen patches
      in total.
    
      The thirteen patches can mostly be broken down into one of four
      categories: general bug fixes, accessor functions for audit state
      stored in the task_struct, negative filter matches on executable
      names, and extending the (relatively) new seccomp logging knobs to the
      audit subsystem.
    
      The main driver for the accessor functions from Richard are the
      changes we're working on to associate audit events with containers,
      but I think they have some standalone value too so I figured it would
      be good to get them in now.
    
      The seccomp/audit patches from Tyler apply the seccomp logging
      improvements from a few releases ago to audit's seccomp logging;
      starting with this patchset the changes in
      /proc/sys/kernel/seccomp/actions_logged should apply to both the
      standard kernel logging and audit.
    
      As usual, everything passes the audit-testsuite and it happens to
      merge cleanly with your tree"
    
    [ Heh, except it had trivial merge conflicts with the SELinux tree that
      also came in from Paul   - Linus ]
    
    * tag 'audit-pr-20180605' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit:
      audit: Fix wrong task in comparison of session ID
      audit: use existing session info function
      audit: normalize loginuid read access
      audit: use new audit_context access funciton for seccomp_actions_logged
      audit: use inline function to set audit context
      audit: use inline function to get audit context
      audit: convert sessionid unset to a macro
      seccomp: Don't special case audited processes when logging
      seccomp: Audit attempts to modify the actions_logged sysctl
      seccomp: Configurable separator for the actions_logged string
      seccomp: Separate read and write code for actions_logged sysctl
      audit: allow not equal op for audit by executable
      audit: add syscall information to FEATURE_CHANGE records
    8b5c6a3a
seccomp.c 34.3 KB