Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753096AbbHEUI0 (ORCPT ); Wed, 5 Aug 2015 16:08:26 -0400 Received: from mx1.redhat.com ([209.132.183.28]:40872 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751912AbbHEUIY (ORCPT ); Wed, 5 Aug 2015 16:08:24 -0400 From: Steve Grubb To: Paul Moore Cc: Richard Guy Briggs , linux-audit@redhat.com, linux-kernel@vger.kernel.org, eparis@redhat.com Subject: Re: [PATCH V4 (was V6)] audit: use macros for unset inode and device values Date: Wed, 05 Aug 2015 16:08:23 -0400 Message-ID: <32702596.GifTzGnU6n@x2> Organization: Red Hat User-Agent: KMail/4.14.9 (Linux/4.1.3-200.fc22.x86_64; KDE/4.14.9; x86_64; ; ) In-Reply-To: <1963661.TAhBJMcsjy@sifl> References: <20150805063014.GB32407@madcap2.tricolour.ca> <1963661.TAhBJMcsjy@sifl> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2320 Lines: 47 On Wednesday, August 05, 2015 03:16:58 PM Paul Moore wrote: > On Wednesday, August 05, 2015 02:30:14 AM Richard Guy Briggs wrote: > > On 15/08/04, Paul Moore wrote: > > > On Saturday, August 01, 2015 03:42:23 PM Richard Guy Briggs wrote: > > > > Signed-off-by: Richard Guy Briggs > > > > --- > > > > > > > > include/uapi/linux/audit.h | 2 ++ > > > > kernel/audit.c | 2 +- > > > > kernel/audit_watch.c | 8 ++++---- > > > > kernel/auditsc.c | 6 +++--- > > > > 4 files changed, 10 insertions(+), 8 deletions(-) > > > > > > Yipee, less magic numbers! > > > > > > However, one question for you ... are we ever going to see a device or > > > inode set to -1 in the userspace facing API? In other words, should the > > > new #defines go in the uapi headers or simply in kernel/audit.h? Unless > > > it is part of the API, let's leave it out of uapi as we have to be very > > > careful about that stuff and I'd prefer to keep it minimal. > > > > This is a good point. I did briefly thing about this at one point. > > Perhaps Steve can answer this. It would be trivial to move it back to > > uapi if needed. Would you be ok with it in include/linux/audit.h for > > now? > > I have no problem with it in include/linux/audit.h, that is a kernel-only > include that we can change at anytime. My concern is putting it into a uapi > header which makes it very hard to change. > > I'm thinking we should just go ahead and put it in include/linux/audit.h for > now as I can't think of a reason why userspace should be passing in an > invalid dev/inode value, it just doesn't make sense. If the invalid tokens > prove to be valuable for userspace, we can always move the #defines. I can't imagine anyone auditing against a specific device or inode. Its like auditing a pid when you really want the program name. Its much more useful to audit by filename or directory and not inode/device. So, do whatever you want. The only unset value that people actually use is the auid because deamons have it unset. -Steve -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/