p71924506
/
linux_old1
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
linux_old1/security/integrity/evm
History
Richard Guy Briggs a1aa08a01f audit: link integrity evm_write_xattrs record to syscall event 
In commit fa516b66a1 ("EVM: Allow runtime modification of the set of
verified xattrs"), the call to audit_log_start() is missing a context to
link it to an audit event. Since this event is in user context, add
the process' syscall context to the record.

In addition, the orphaned keyword "locked" appears in the record.
Normalize this by changing it to logging the locking string "." as any
other user input in the "xattr=" field.

Please see the github issue
https://github.com/linux-audit/audit-kernel/issues/109

Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Acked-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
 		2019-03-27 18:11:52 -04:00
..
Kconfig evm: Allow non-SHA1 digital signatures 2018-07-18 07:27:22 -04:00
Makefile evm: posix acls modify i_mode 2011-09-14 15:24:51 -04:00
evm.h evm: Allow non-SHA1 digital signatures 2018-07-18 07:27:22 -04:00
evm_crypto.c evm: Use defined constant for UUID representation 2019-02-04 17:36:01 -05:00
evm_main.c evm: remove set but not used variable 'xattr' 2019-02-04 17:36:01 -05:00
evm_posix_acl.c security: audit and remove any unnecessary uses of module.h 2018-12-12 14:58:51 -08:00
evm_secfs.c audit: link integrity evm_write_xattrs record to syscall event 2019-03-27 18:11:52 -04:00