Received: by 2002:a25:683:0:0:0:0:0 with SMTP id 125csp827194ybg; Tue, 9 Jun 2020 14:00:19 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwSS0VZZPT1egfXW+4Yv1iUTFoPl5Jo9y2OnpPGr+APecVWLZuFKCpMIdqsVJ5IBx/gmvYE X-Received: by 2002:aa7:c609:: with SMTP id h9mr27576442edq.155.1591736419746; Tue, 09 Jun 2020 14:00:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1591736419; cv=none; d=google.com; s=arc-20160816; b=QA6NXGv/zSdEWRKqLA7VhVVM1PuO0wKRY55mRi//09m7o+QrrcNAul+UtcprPchcnQ 4XiYcv73UUAALrEGmhL0ELIeyOd9t1Yz2TGtBMbsLYvDZoPnqxfjtcWjT1G88RqQpdys lMgoz+hTO7ZbcscekHfvGchPqGrQVpiEcy9pe9i+t7/cR3hhnKAB79dBylZxREcAnai/ X7DcM6E5UOzlnlGFOVI9NrJCLfYvT1u2a8RDnXhcGFJPYdggV0XEX1PInYaZmILbJDgQ nXo2L/GF0FFyIgvK5uFT49fDYR82WeWRqTjgT1R/4XyY45mYvc6/XjIntmCFRuAIrJ7R QjIg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature:dkim-filter; bh=RcRx8d20bjJpLdKxUmDt/7K3aLBKNzYGLcu36Ac8y94=; b=mEkC21ihskWhmKYNRMQMYpsTuxD8cGD2E8vcujZKIf3Sy1+Uvi5kv0Pv1QoI/hQArk DRvL0H/Mfg59AQYTN7TuwgIGDAg16wWi9SRxYs7PouUA+paYzO8L0E2cSHTROBw6+4wV gfZHOdcfyXyRkp5x7eLdJM8TocSywZXPy3JiZBnS3QHmP34J8l0VPpt5KFB9VjHaZkeh 2oHjl3t9Gm8SVU+fOSFX66qjWMJeCt9zu0mhl63McRPxItMUE2AtGmL5i4sY9KQcW+7T wsrGit2OFJAcqn617P9H0LJ2T6yAPaeqoE2BuV9Pm/LgMyUs1Mi6VI7IP5y8Fk6A3FlW aT9A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux.microsoft.com header.s=default header.b=HZqrRLQR; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id om21si11856777ejb.101.2020.06.09.13.59.56; Tue, 09 Jun 2020 14:00:19 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linux.microsoft.com header.s=default header.b=HZqrRLQR; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387930AbgFISDe (ORCPT + 99 others); Tue, 9 Jun 2020 14:03:34 -0400 Received: from linux.microsoft.com ([13.77.154.182]:37326 "EHLO linux.microsoft.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1733193AbgFISDb (ORCPT ); Tue, 9 Jun 2020 14:03:31 -0400 Received: from [192.168.0.104] (c-73-42-176-67.hsd1.wa.comcast.net [73.42.176.67]) by linux.microsoft.com (Postfix) with ESMTPSA id 1AE4320B717B; Tue, 9 Jun 2020 11:03:29 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 1AE4320B717B DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1591725809; bh=RcRx8d20bjJpLdKxUmDt/7K3aLBKNzYGLcu36Ac8y94=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=HZqrRLQRrYDntNP1Jtw4oEaypC9lkwLUlI9j6+1PzvhOjT1Qc5LXxONmka95SLTCn 3XUFK/fUKZXRBC9WtrfrgBuaRLu7C85Q64Vzi4k01hbp+a9ZcOYepI2+zI368Z2U07 WLCodQHxPAE6p/ZbRNCcEjr8ia3didJ0LTwcNoQo= Subject: Re: [PATCH v3] IMA: Add audit log for failure conditions To: Steve Grubb , Richard Guy Briggs Cc: linux-integrity@vger.kernel.org, linux-audit@redhat.com, zohar@linux.ibm.com, linux-kernel@vger.kernel.org References: <20200608215343.4491-1-nramas@linux.microsoft.com> <518a51b7-6c8d-f55f-c73a-b15abae8e0af@linux.microsoft.com> <20200609171555.itbllvtgjdanbbk7@madcap2.tricolour.ca> <2006844.2enhIMKrvE@x2> From: Lakshmi Ramasubramanian Message-ID: <2e3bc793-0d29-5434-1da3-2bcc34ed9012@linux.microsoft.com> Date: Tue, 9 Jun 2020 11:03:28 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.8.0 MIME-Version: 1.0 In-Reply-To: <2006844.2enhIMKrvE@x2> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 6/9/20 10:35 AM, Steve Grubb wrote: >> >> If it is added, it should be appended to the end of the record since it >> is an existing record format, then in the case of res=1, errno= should >> still be present (not swing in and out) and just contain zero. (Or >> another value if there is a non-fatal warning?) > > This is not a searchable field, so it can go anywhere. If it is searchable, > ausearch expects ordering of other searchable fields. > Thank you for the clarification Steve. I'll add "errno=" right after "cause=". Also, "errno" will always be present - will be set to 0 if status is "success" (res=1) and a non-zero value for failure (res=0) thanks, -lakshmi