Received: by 10.223.185.116 with SMTP id b49csp1136685wrg;
        Wed, 14 Feb 2018 12:11:10 -0800 (PST)
X-Google-Smtp-Source: AH8x227uF+xqSDY8qxyCWFEnNbCiUNeqOKxSm4JHHrDfTPWVc4K4gNuA1KYb7FgzsyD1ryDs+iZW
X-Received: by 2002:a17:902:203:: with SMTP id 3-v6mr171549plc.413.1518639070464;
        Wed, 14 Feb 2018 12:11:10 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1518639070; cv=none;
        d=google.com; s=arc-20160816;
        b=yDI2QulY43g+lHhJ/RGUEsNJeK1DHFftvXEWI58vVyUaPMcp9Lj+gLZgX3Bgaan2GO
         LfSwRDi8WsFIw479RBArwkUIQKYM09NseZCNPIM18681+ltgv5dgeaiPrMUMMOmZq/YH
         kncK4E4utNppMkkpcJsfb/IFQURKadIjh7YLSl76uS6JjxcY49hgMyn1LR/khDftIAQb
         nuw9gBhDaE2Bgz4jhkOG8gB1plz2hZgvYNoZRRJiux8j4AfRLfgJ1h75z0RiP+wXdtDO
         fztGLo0GMZb7OngHwlmsm1Rb5EF1W6Rq9ASeaCaJEr+v7toWTtf7KENA15f72fc/koOB
         W1oQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:dkim-signature:dkim-signature
         :arc-authentication-results;
        bh=1xaV2pOZmTzBExBURpGsH6h/fwbsKkF1mlar0WtCrVE=;
        b=cmCfY5CiZZtxkQ8uM7erVLQbM2DYUQAmbM+ySp9IuTjPNLApuTIWDq3SWEz6tpF+p3
         4NyKdjxkXwmKxTwVR1ihC062QvWc+PQV0m6rxNNcL0eKPXzWkWlFC6HpkDwjGQrA+Ddp
         ONUmXCtuzPN6eE22xqZAdzF+2nQDaus0DoRAtURBGA6mNjcmZSu0ItUcHf7hW3bTgd1d
         6q5gHIZ6qB9iWCBoXDZqEBEpdMdxjcsV1jJ8ISE5sSTS7KXN3RY79FTO3ZHD/l72lfkV
         k+IxHROhIO17XcTaE0m/cjuEAi6rmPY/H0UAmS5wPx0c3oFoXsDV2vDGrLWXVkjOWGB0
         7dvA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@google.com header.s=20161025 header.b=ZQNmTYRq;
       dkim=fail header.i=@chromium.org header.s=google header.b=NnZEufZl;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id d16-v6si74397pll.210.2018.02.14.12.10.55;
        Wed, 14 Feb 2018 12:11:10 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@google.com header.s=20161025 header.b=ZQNmTYRq;
       dkim=fail header.i=@chromium.org header.s=google header.b=NnZEufZl;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1161521AbeBNRvX (ORCPT <rfc822;rmelvin.vger@gmail.com>
        + 99 others); Wed, 14 Feb 2018 12:51:23 -0500
Received: from mail-vk0-f65.google.com ([209.85.213.65]:45691 "EHLO
        mail-vk0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1161472AbeBNRvV (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 14 Feb 2018 12:51:21 -0500
Received: by mail-vk0-f65.google.com with SMTP id j204so13380125vke.12
        for <linux-kernel@vger.kernel.org>; Wed, 14 Feb 2018 09:51:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc;
        bh=1xaV2pOZmTzBExBURpGsH6h/fwbsKkF1mlar0WtCrVE=;
        b=ZQNmTYRqhOWGGYUycv+4lzhPOO89a9cFU5Qt7dGPbIODOxSqQOJb4+TghLXCRdBcV8
         ef3k9DV2F+pjogOao/Swgw5XrkJn7Du1ImTNbfU9jhk1oxwUS3JrIBQWAQbr5qPDSGly
         crcG6gG2SE88mqQFMLKgKcqzDsP5F8xkJc0c0R33vPLAPeipBkzNKaLOHHlz6bsBfuRU
         KZ97wIXKvUTr2bEZwZjbl1HqSf3d1uIDTpUSJMge0vFD/1/GHZzqpZjzKV972eh9ZTAJ
         IcpQGHwt17T7FmBFflCkfe+VmzwAx1/vTXfOLUadwI57WylCF14hFdDDIhSdCH+dzxuc
         RS0w==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=chromium.org; s=google;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc;
        bh=1xaV2pOZmTzBExBURpGsH6h/fwbsKkF1mlar0WtCrVE=;
        b=NnZEufZlU07FFmaYYcjSM1eg/7HvVNKAGYPge8/41yNVa9wneFgytDtjwOAoRrH0KJ
         ZPfh5XwpigGbwBGzUneMGmgfjdca+IMNYDNlMBAB8br1bJt3O7qQ6raOC8RYJtb7+xLv
         n5JUOx3r8YOOZ3qE73TPxOAUID4r1aZ2oB1aM=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
         :date:message-id:subject:to:cc;
        bh=1xaV2pOZmTzBExBURpGsH6h/fwbsKkF1mlar0WtCrVE=;
        b=Hr8O4kMzkX9e7JMZGC8KOgRwoG2PwTb3WVNJlm/zwbHjcXAKnuNyTWrzBFh0vopGzt
         UbOxEd6OxY5xOsCAFkEIDDeM/lFVZThaEt/wdmOo9TCcXhoUAarrgcm0xfxKpW/d7+ml
         1xa9SIrir7cu6del6rF0gKKqDvH2DNijdCsLdK8TQOOGOW7/+x0DRcq9yQjdMySmNEh0
         42dLZLe5UwSyq4Dd6s7i/VC9rYDGyYvYWClFwDK3Wg5Qz94waLn3kObKFK+/Fi476CEW
         LRu8h3Kom6CCRGrDIzP0yn8xivgRKB9jjqp0h00KSJ7cDmwWomFhL06EmZNBgo76kpWR
         0k/A==
X-Gm-Message-State: APf1xPCJYAzpCcuZ5WoRplh7FGWu6HFe1gwtvzi0CZeaaGNviYfQBVnj
        m0LfbEp2e7EcaccVGD14wlPqWGsiSKCdEoTq5B2Yiw==
X-Received: by 10.31.228.199 with SMTP id b190mr36634vkh.84.1518630680799;
 Wed, 14 Feb 2018 09:51:20 -0800 (PST)
MIME-Version: 1.0
Received: by 10.31.56.87 with HTTP; Wed, 14 Feb 2018 09:51:17 -0800 (PST)
In-Reply-To: <3a9542b261d93bc4eaecfaf359affbba152cf965.1518603831.git.rgb@redhat.com>
References: <cover.1518603831.git.rgb@redhat.com> <3a9542b261d93bc4eaecfaf359affbba152cf965.1518603831.git.rgb@redhat.com>
From:   Kees Cook <keescook@chromium.org>
Date:   Wed, 14 Feb 2018 09:51:17 -0800
X-Google-Sender-Auth: qERgHePw_1hH8yJTUy7B_C8Qh0s
Message-ID: <CAGXu5jKtEv-W3R-uakY9S9=OFmjY3ZqxQJFa3YxGd4RWyUEGgQ@mail.gmail.com>
Subject: Re: [RFC PATCH ghak21 1/4] audit: make ANOM_LINK obey audit_enabled
 and audit_dummy_context
To:     Richard Guy Briggs <rgb@redhat.com>
Cc:     Linux-Audit Mailing List <linux-audit@redhat.com>,
        LKML <linux-kernel@vger.kernel.org>,
        Eric Paris <eparis@redhat.com>,
        Paul Moore <paul@paul-moore.com>,
        Steve Grubb <sgrubb@redhat.com>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Feb 14, 2018 at 8:18 AM, Richard Guy Briggs <rgb@redhat.com> wrote:
> Audit link denied events emit disjointed records when audit is disabled.
> No records should be emitted when audit is disabled.
>
> See: https://github.com/linux-audit/audit-kernel/issues/21
> Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
> ---
>  kernel/audit.c | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/kernel/audit.c b/kernel/audit.c
> index 227db99..4c3fd24 100644
> --- a/kernel/audit.c
> +++ b/kernel/audit.c
> @@ -2261,6 +2261,9 @@ void audit_log_link_denied(const char *operation, const struct path *link)
>         struct audit_buffer *ab;
>         struct audit_names *name;
>
> +       if (!audit_enabled || audit_dummy_context())
> +               return;
> +
>         name = kzalloc(sizeof(*name), GFP_NOFS);
>         if (!name)
>                 return;

Doesn't this means errors here would be silent if audit isn't enabled?
I don't that; sysadmins should see this notification regardless of the
audit state...

-Kees

-- 
Kees Cook
Pixel Security