[PATCH v20 20/23] Audit: Add new record for multiple process LSM attributes

Paul Moore paul at paul-moore.com
Thu Sep 3 21:49:28 UTC 2020


On Thu, Sep 3, 2020 at 12:32 PM James Morris <jmorris at namei.org> wrote:
> On Wed, 26 Aug 2020, Casey Schaufler wrote:
>
> > Create a new audit record type to contain the subject information
> > when there are multiple security modules that require such data.
> > This record is linked with the same timestamp and serial number.
> > The record is produced only in cases where there is more than one
> > security module with a process "context".
> >
> > Before this change the only audit events that required multiple
> > records were syscall events. Several non-syscall events include
> > subject contexts, so the use of audit_context data has been expanded
> > as necessary.
> >
> > Signed-off-by: Casey Schaufler <casey at schaufler-ca.com>
> > Cc: linux-audit at redhat.com
>
> Paul, can you review/ack the audit changes?

I did a previous version at some point in the past, I'll take a look
at v20 tomorrow or this weekend.

-- 
paul moore
www.paul-moore.com



More information about the Linux-security-module-archive mailing list