Date: Thu, 3 May 2018 07:17:37 +1000 (AEST)
From: James Morris
To: Tyler Hicks
cc: linux-kernel@vger.kernel.org, Kees Cook, Andy Lutomirski, Will Drewry, Paul Moore, Eric Paris, Steve Grubb, Jonathan Corbet, linux-audit@redhat.com, linux-security-module@vger.kernel.org, linux-doc@vger.kernel.org
Subject: Re: [PATCH v2 3/4] seccomp: Audit attempts to modify the actions_logged sysctl
In-Reply-To: <1525276400-7161-4-git-send-email-tyhicks@canonical.com>
References: <1525276400-7161-1-git-send-email-tyhicks@canonical.com> <1525276400-7161-4-git-send-email-tyhicks@canonical.com>

On Wed, 2 May 2018, Tyler Hicks wrote:

> type=CONFIG_CHANGE msg=audit(1525275325.613:142): op=seccomp-logging
> actions=kill_process,kill_thread,errno,trace,log
> old-actions=kill_process,kill_thread,errno,trace,log res=1
>
> No audit records are generated when reading the actions_logged sysctl.
>
> Suggested-by: Steve Grubb
> Signed-off-by: Tyler Hicks

Reviewed-by: James Morris

--
James Morris
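Added example, not part of the original message or the patch: a small Python check that reads audit lines in the record layout quoted above and reports writes to actions_logged that drop an action from the logged set. The names `review`, `findings` and `SAMPLE` are hypothetical, the second sample line is constructed, and `res=1` is assumed to mean the write succeeded.

```python
import re

# Layout and field order follow the record quoted in the message above
# (the mail wraps it over three lines; here each record is one line).
RECORD = re.compile(
    r"type=CONFIG_CHANGE msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): "
    r"op=seccomp-logging actions=(?P<new>\S+) old-actions=(?P<old>\S+) "
    r"res=(?P<res>\d+)"
)

def parse_actions(field):
    """Split a comma-separated action list into a set of names."""
    return {name for name in field.split(",") if name}

def review(line):
    """Return a finding dict for a seccomp-logging record, None otherwise."""
    m = RECORD.search(line)
    if m is None:
        return None
    new, old = parse_actions(m["new"]), parse_actions(m["old"])
    return {
        "serial": int(m["serial"]),
        "applied": m["res"] == "1",      # assumption: res=1 means success
        "removed": sorted(old - new),    # actions that stop being logged
        "added": sorted(new - old),
    }

def findings(lines):
    """Keep only the records that drop at least one logged action."""
    results = (review(line) for line in lines)
    return [f for f in results if f and f["removed"]]

# Constructed sample input: line 1 is the quoted record joined onto one line,
# line 2 is made up for this example and drops errno and trace.
SAMPLE = [
    "type=CONFIG_CHANGE msg=audit(1525275325.613:142): op=seccomp-logging "
    "actions=kill_process,kill_thread,errno,trace,log "
    "old-actions=kill_process,kill_thread,errno,trace,log res=1",
    "type=CONFIG_CHANGE msg=audit(1525275400.101:143): op=seccomp-logging "
    "actions=kill_process,kill_thread,log "
    "old-actions=kill_process,kill_thread,errno,trace,log res=1",
]

if __name__ == "__main__":
    for finding in findings(SAMPLE):
        print(finding)
```
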