Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp1816016imu; Wed, 12 Dec 2018 04:59:04 -0800 (PST) X-Google-Smtp-Source: AFSGD/XOktwdaqOYGf/UItag/nyGohSTSIhzgY91V0ADlsPrSBISc+MyInjCdzHS3IQWyqzwHF2s X-Received: by 2002:a17:902:24d:: with SMTP id 71mr19198243plc.225.1544619544515; Wed, 12 Dec 2018 04:59:04 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1544619544; cv=none; d=google.com; s=arc-20160816; b=rDZOrkiaAjWULlZlmMibKORc3N7V6ci7O8iD7a79WliL5pA+65cwkwJ7k8MNeeywlD z611oCf2LoOtReZJJQrO81bqyiMYg2dYKXv8GXAZtwBK/VQoPc1jqly5A6f131NXy4f2 vn2/XGK1cYzWeFC76AgG08fyyQlA1nBHT5keK+nPV/aieelU1KeTRLtT1eOux5RgXYox hKLsCi1BI7ihCrMmwEgYvqgn5j/qMOjkqMo+vy6CJWswj0Lcv0bBcDp23+oQfiPkVnRJ pSzYcHCV0rn8bRoBGztoQj5rpjfGEoUP9VhVkLdKC0E7vvjXUh52m/XdmYdn9nlr5C84 33KA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=RJI5mXglmLLeuDuDIzwfHoLpvAjlwOEXgpe3x/GSLAg=; b=FnCTRWqfyZ1wB9MStSldpr7nj+DUoVo9jnYU7NFMF3Hr5u1w7vED5OY0BtO5xptf+t ylbQ75SMGljqv2UG+bn16xR4Idn60m6HFRc69XYNOZFZ+jjY/dwIK5rikbIcdYytRoj6 QftPs+HbmR/oNvSppfIoi/ONyDNtnKLVjpFMCMw1WAsnldleWJlIuTAE4yzhm4JS3LR4 H2qIaP4s/FBoUrlRqdFUsP+GuWDiYx2uiQYLqpsHoJaSMIWyvDQLdvXdackmd5PtUPeF Fu0jHU9xKE8fL3oHj4SBWgiInepDkVYTdXBMFlqH57b6Qop89I9OB02iFHUuQx4jq9KO o6sA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=hd6qsrUy; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g17si14489373pgi.578.2018.12.12.04.58.48; Wed, 12 Dec 2018 04:59:04 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=hd6qsrUy; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727427AbeLLM54 (ORCPT + 99 others); Wed, 12 Dec 2018 07:57:56 -0500 Received: from mail-lf1-f66.google.com ([209.85.167.66]:34311 "EHLO mail-lf1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727091AbeLLM5z (ORCPT ); Wed, 12 Dec 2018 07:57:55 -0500 Received: by mail-lf1-f66.google.com with SMTP id p6so13465217lfc.1 for ; Wed, 12 Dec 2018 04:57:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=RJI5mXglmLLeuDuDIzwfHoLpvAjlwOEXgpe3x/GSLAg=; b=hd6qsrUyz2giHhN6yPGD9k+1rv0T2CiaPR+E7WKv+Cu7V55U6tIT4dtpllK+ir7bjc I9hKIT3/hTrAxWv8pwuFJhkuDaaeUtz7HYfzweajtkWhnwcfHXwS53p8LGOOfsYKZvhL ja7joUgFkucs+zQYFIjFysIlZPwMz3MP73x9zWk6I/hiud7ST4qAB4eEtowoZGRsKgtl UbywYEC+r5B41OrKaP13QxX4M9vUnrkCoM+pzzO7Ck18fLsajEiqYlK3uCgh9jhBwxKI lsGiO4G5a18XNRaTEm4gJRiT82SnL0/TaG2BhowO0+vLpplJBCxEOLhUqOYs1R/R4d53 W/mA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=RJI5mXglmLLeuDuDIzwfHoLpvAjlwOEXgpe3x/GSLAg=; b=cBAsVJyGbu3BzLLg7+2wZ33hlciVbf2Dk7bUv6htvqMs9gBQWMiZs0Lsi5NOwKCcyG G9Kt68b3uG4inZRUj70BR3lhlxxAWUoeF6TdV+07oDvdeKTq2yCm9YNQ2kO/KFLmhC2Q vLS+z4p056MRNVsB47yzvmltkGik1GhKmsoSpoRXBYh3fOSZAkhltW8+8acNfDdDy1QD 8UrZhnWcaDejrAH6S9W22UPwnSEFMm1f0VvBlClfj/NWKU+v48vU5EQ7rGjYZy7VWd3z M2QCsALLlTFzMb0pKlylCG+uEQr2V6IzWHgZrqSxNUd+CB80VYdvbwyTM+9rifgpqlh4 KbsA== X-Gm-Message-State: AA+aEWaOsubNqFr0Y3NGMynD21DajrtV8ktkqDkIlLscpo1/bPnAtkB5 d1lPiE12CI3O0LyHHUt19vs0GbpM7PkxwRhh1E4t X-Received: by 2002:a19:5402:: with SMTP id i2mr11312177lfb.128.1544619473447; Wed, 12 Dec 2018 04:57:53 -0800 (PST) MIME-Version: 1.0 References: <20181211224107.vdeksnc5bd5bb7mb@madcap2.tricolour.ca> <20181212024511.iftyuvwueh2mbolb@madcap2.tricolour.ca> In-Reply-To: <20181212024511.iftyuvwueh2mbolb@madcap2.tricolour.ca> From: Paul Moore Date: Wed, 12 Dec 2018 07:57:41 -0500 Message-ID: Subject: Re: [PATCH ghak59 V3 0/4] audit: config_change normalizations and event record gathering To: rgb@redhat.com Cc: linux-kernel@vger.kernel.org, linux-audit@redhat.com, Eric Paris , viro@zeniv.linux.org.uk, sgrubb@redhat.com Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Dec 11, 2018 at 9:45 PM Richard Guy Briggs wrote: > On 2018-12-11 18:26, Paul Moore wrote: > > On Tue, Dec 11, 2018 at 5:41 PM Richard Guy Briggs wrote: > > > On 2018-12-11 17:31, Paul Moore wrote: > > > > On Mon, Dec 10, 2018 at 5:18 PM Richard Guy Briggs wrote: > > > > ... > > > > > > > Richard Guy Briggs (4): > > > > > audit: give a clue what CONFIG_CHANGE op was involved > > > > > audit: add syscall information to CONFIG_CHANGE records > > > > > audit: hand taken context to audit_kill_trees for syscall logging > > > > > audit: extend config_change mark/watch/tree rule changes > > > > > > > > > > kernel/audit.c | 33 +++++++++++++++++++++++---------- > > > > > kernel/audit.h | 4 ++-- > > > > > kernel/audit_fsnotify.c | 4 ++-- > > > > > kernel/audit_tree.c | 28 +++++++++++++++------------- > > > > > kernel/audit_watch.c | 8 +++++--- > > > > > kernel/auditfilter.c | 2 +- > > > > > kernel/auditsc.c | 12 ++++++------ > > > > > 7 files changed, 54 insertions(+), 37 deletions(-) > > > > > > > > In order to make sure expectations are set appropriately, as we are at > > > > -rc6 right now this is not something that would go into audit/next now > > > > (assuming everything looks okay on review), it would go into > > > > audit/next *after* the upcoming merge window. > > > > > > I agree it is a bit late for this. I wasn't expecting it to go in this > > > one. I'm filling the queue since I'm blocked on other review for > > > ghak81(5.5wks), ghak90(5.5wks), ghak100(3.5wks). ghak90 missed another > > > merge window. > > > > As discussed previously, GHAK81 > > (https://github.com/linux-audit/audit-kernel/issues/81) is something > > that I consider part of the audit container ID work (GHAK90). I > > believe it's time to stop treating it as a separate issue. > > Fine by me. It was included in the ghak90 patchset this time and still > is in v5, waiting to get the questions replied to that arose out of the > review of v4 around Hallowe'en. If you knew ([1]) I didn't want GHAK81 treated as a separate issue, but instead included as part of GHAK90, why did you bother separating it out in your latest nag emails? [1]I didn't feel like digging through my sent mail to find out when we discussed this last so I could include a passive aggressive date, that exercise is left to the reader. I'm sure you'll understand. -- paul moore www.paul-moore.com