p71924506
/
linux_old1
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
linux_old1/security/integrity
History
Richard Guy Briggs a1aa08a01f audit: link integrity evm_write_xattrs record to syscall event 
In commit fa516b66a1 ("EVM: Allow runtime modification of the set of
verified xattrs"), the call to audit_log_start() is missing a context to
link it to an audit event. Since this event is in user context, add
the process' syscall context to the record.

In addition, the orphaned keyword "locked" appears in the record.
Normalize this by changing it to logging the locking string "." as any
other user input in the "xattr=" field.

Please see the github issue
https://github.com/linux-audit/audit-kernel/issues/109

Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Acked-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
 		2019-03-27 18:11:52 -04:00
..
evm audit: link integrity evm_write_xattrs record to syscall event 2019-03-27 18:11:52 -04:00
ima Merge branch 'next-tpm' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2019-03-10 17:37:29 -07:00
platform_certs efi: Allow the "db" UEFI variable to be suppressed 2018-12-12 22:09:10 -05:00
Kconfig Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2019-01-02 09:43:14 -08:00
Makefile efi: Import certificates from UEFI Secure Boot 2018-12-12 22:04:33 -05:00
digsig.c integrity, KEYS: add a reference to platform keyring 2019-02-04 17:29:19 -05:00
digsig_asymmetric.c integrity: support new struct public_key_signature encoding field 2018-11-13 13:09:56 -08:00
iint.c get rid of legacy 'get_ds()' function 2019-03-04 10:50:14 -08:00
integrity.h integrity: Remove references to module keyring 2018-12-17 14:09:39 -08:00
integrity_audit.c ima: Use audit_log_format() rather than audit_log_string() 2018-07-18 07:27:22 -04:00