From: Paul Moore
Date: Thu, 8 Mar 2018 19:26:49 -0500
Subject: Re: [RFC PATCH ghak21 2/4] audit: link denied should not directly generate PATH record
To: Richard Guy Briggs
Cc: Linux-Audit Mailing List, LKML, Eric Paris, Steve Grubb, Kees Cook

On Wed, Feb 14, 2018 at 11:18 AM, Richard Guy Briggs wrote:
> Audit link denied events generate duplicate PATH records which disagree
> in different ways from symlink and hardlink denials.
> audit_log_link_denied() should not directly generate PATH records.
>
> See: https://github.com/linux-audit/audit-kernel/issues/21
> Signed-off-by: Richard Guy Briggs
> ---
> kernel/audit.c | 14 +-------------
> 1 file changed, 1 insertion(+), 13 deletions(-)

Merged, thanks.

> diff --git a/kernel/audit.c b/kernel/audit.c > index 4c3fd24..683b249 100644 > --- a/kernel/audit.c > +++ b/kernel/audit.c
> @@ -2259,31 +2259,19 @@ void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk) > void audit_log_link_denied(const char *operation, const struct path *link) > { > struct audit_buffer *ab; > - struct audit_names *name; > > if (!audit_enabled || audit_dummy_context()) > return; > > - name = kzalloc(sizeof(*name), GFP_NOFS); > - if (!name) > - return; > - > /* Generate AUDIT_ANOM_LINK with subject, operation, outcome. */ > ab = audit_log_start(current->audit_context, GFP_KERNEL, > AUDIT_ANOM_LINK); > if (!ab) > - goto out; > + return; > audit_log_format(ab, "op=%s", operation); > audit_log_task_info(ab, current); > audit_log_format(ab, " res=0"); > audit_log_end(ab); > - > - /* Generate AUDIT_PATH record with object. */ > - name->type = AUDIT_TYPE_NORMAL; > - audit_copy_inode(name, link->dentry, d_backing_inode(link->dentry)); > - audit_log_name(current->audit_context, name, link, 0, NULL); > -out: > - kfree(name); > } > > /** > -- > 1.8.3.1 > -- paul moore www.paul-moore.com
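
Review bot: with the AUDIT_PATH block removed, the `const struct path *link` parameter of audit_log_link_denied() is no longer referenced anywhere in the function body shown in this hunk (its only uses were the `link->dentry` arguments to audit_copy_inode() and audit_log_name()). Either drop the parameter and update the callers, or say in the commit message that a later patch in the series does so, so the dead argument is not mistaken for an oversight. The commit message would also be clearer if it named where the remaining PATH record for the denied link comes from, since after this change the AUDIT_ANOM_LINK record carries only "op=", the task info and "res=0" and no object information of its own.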