[GIT PULL] Audit patches for v4.19

Paul Moore paul at paul-moore.com
Tue Aug 14 21:07:04 UTC 2018 

Hi Linus,

Twelve audit patches for v4.19 and they run the full gamut from fixes
to features.  Notable changes include the ability to use the "exe"
audit filter field in a wider variety of filter types, a fix for our
comparison of GID/EGID in audit filter rules, better association of
related audit records (connecting related audit records together into
one audit event), and a fix for a potential use-after-free in
audit_add_watch().

All the patches pass the audit-testsuite and merge cleanly on your
current master branch.

Please pull, thanks.
-Paul
--
The following changes since commit ce397d215ccd07b8ae3f71db689aedb85d56ab40:

 Linux 4.18-rc1 (2018-06-17 08:04:49 +0900)

are available in the Git repository at:

 git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git
   tags/audit-pr-20180814

for you to fetch changes up to baa2a4fdd525c8c4b0f704d20457195b29437839:

 audit: fix use-after-free in audit_add_watch (2018-07-18 11:43:36 -0400)

----------------------------------------------------------------
audit/stable-4.18 PR 20180814

----------------------------------------------------------------
Arnd Bergmann (1):
     audit: use ktime_get_coarse_ts64() for time access

Ondrej Mosnáček (3):
     audit: allow other filter list types for AUDIT_EXE
     audit: Fix extended comparison of GID/EGID
     cred: conditionally declare groups-related functions

Paul Moore (1):
     audit: use ktime_get_coarse_real_ts64() for timestamps

Richard Guy Briggs (6):
     audit: tie SECCOMP records to syscall
     audit: tie ANOM_ABEND records to syscall
     audit: rename FILTER_TYPE to FILTER_EXCLUDE
     audit: eliminate audit_enabled magic number comparison
     audit: check audit_enabled in audit_tree_log_remove_rule()
     audit: simplify audit_enabled check in audit_watch_log_rule_change()

Ronny Chevalier (1):
     audit: fix use-after-free in audit_add_watch

drivers/tty/tty_audit.c      |  2 +-
include/linux/audit.h        |  5 ++++-
include/linux/cred.h         | 15 ++++++++++-----
include/net/xfrm.h           |  2 +-
include/uapi/linux/audit.h   |  3 ++-
kernel/audit.c               |  7 ++-----
kernel/audit_tree.c          |  2 ++
kernel/audit_watch.c         | 41 ++++++++++++++++++++++++--------------
kernel/auditfilter.c         | 17 ++++++++++-------
kernel/auditsc.c             | 14 +++++++-------
net/netfilter/xt_AUDIT.c     |  2 +-
net/netlabel/netlabel_user.c |  2 +-
12 files changed, 67 insertions(+), 45 deletions(-)

--
paul moore
www.paul-moore.com

More information about the Linux-audit mailing list