On Tue, Aug 29, 2023 at 2:24 PM Phil Sutter <phil@xxxxxx> wrote:
>
> Resetting rules' stateful data happens outside of the transaction logic,
> so 'get' and 'dump' handlers have to emit audit log entries themselves.
>
> Cc: Richard Guy Briggs <rgb@xxxxxxxxxx>
> Fixes: 8daa8fde3fc3f ("netfilter: nf_tables: Introduce NFT_MSG_GETRULE_RESET")
> Signed-off-by: Phil Sutter <phil@xxxxxx>
> ---
> include/linux/audit.h | 1 +
> kernel/auditsc.c | 1 +
> net/netfilter/nf_tables_api.c | 18 ++++++++++++++++++
> 3 files changed, 20 insertions(+)
See my comments in patch 1/2.
Acked-by: Paul Moore <paul@xxxxxxxxxxxxxx>
--
paul-moore.com
