Received: by 10.223.185.116 with SMTP id b49csp235632wrg;
        Thu, 8 Mar 2018 16:28:08 -0800 (PST)
X-Google-Smtp-Source: AG47ELsQ1cEcp0o/ctX1E7vX5MRh0fvhYe5H1bUUWbp7Cg8v4H1ruLd5dTQa5lZFYIGLRRKreRfP
X-Received: by 2002:a17:902:44:: with SMTP id 62-v6mr24998627pla.193.1520555288410;
        Thu, 08 Mar 2018 16:28:08 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1520555288; cv=none;
        d=google.com; s=arc-20160816;
        b=PtBlU/wNQUjI9oKBvA9yiutvE5qP59PmZN0WcskOd6sx4JU7nyTmEOdVjjXRt4zv2p
         4oXqHF9NgpKGdpv4CdWmRJe42elVS9wcgyeTT0chfQ/zC1JERnedQuFtY/5TJUvRftZR
         tJ+5rhWtosP1Kw8/ddFW7H9vLfaeqM8ube4LuqO/TtnmFLYKauCReVMMDzIlM8j+Sx8W
         LvxRwbQzF+9KniGARERnc1clEiJ/wYXRrAHac5cnJD5xfvO5WesZfDoVRalwAL18Ci3t
         Niu5f3rSr/7gSvVidCdgnRd8Y6D1YpS5e3+RV8RhxUQJhcTQO0DcZ8oaLY9Ww8Nq99qe
         SsbA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:dkim-signature
         :arc-authentication-results;
        bh=dFLpkWCFFnbfmyUmRL3BcaN5vD4XKvj/1ZQ54LyF+Ik=;
        b=n5KE4lbSH+jL27klOZUWMA5ZolZ2Sk0KBzqdcxU90vExZjnFvn8VeWkt9P3dTNmt2D
         lcaJ7scFXTHiXeu4QZlDuj12Q77ASbYzmXJIA+miP42mRj4BuperKd7K5fWZtc5NEvyO
         igIpcKq3PBttSXhb9J9NpRb/E7hL+tvsotEOK1lJHrDhc1W6Ux0K4ALi4r0jS/jhCHaT
         JzcGUO7Y2LdzcYmE0bJBzjCJ3/H3EmqcYe+otk8YzhdVNkuigxXDbTmJLBFphMK+xCck
         NtlYc6LpsrmLVTDCn+SjTwZ/MWDsEvmHuiDz2fnExXCF+7RqePEESPRwEpktITyHyEZA
         js9Q==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=TBsy4tN6;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id c1-v6si15635706pld.401.2018.03.08.16.27.53;
        Thu, 08 Mar 2018 16:28:08 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=TBsy4tN6;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751205AbeCIA0x (ORCPT <rfc822;arandomawesomegeek@gmail.com>
        + 99 others); Thu, 8 Mar 2018 19:26:53 -0500
Received: from mail-lf0-f66.google.com ([209.85.215.66]:37962 "EHLO
        mail-lf0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1750859AbeCIA0w (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 8 Mar 2018 19:26:52 -0500
Received: by mail-lf0-f66.google.com with SMTP id i80-v6so10917723lfg.5
        for <linux-kernel@vger.kernel.org>; Thu, 08 Mar 2018 16:26:51 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=paul-moore-com.20150623.gappssmtp.com; s=20150623;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc;
        bh=dFLpkWCFFnbfmyUmRL3BcaN5vD4XKvj/1ZQ54LyF+Ik=;
        b=TBsy4tN6pWctMNlvwfq+p01ZrlyZ61vLfgDVxQ6qpdaW564tCKRIgPQWx2f02rDaZz
         x4qoJkkoZYfb2TlQ02RzvyD9OAeFiFL19cEJzfkPPJSVTiNUspLaPiGqnksSPI+k1Fmb
         Ak+8FafpS3ofBqKoK2CxdsqVL4duHkJynTbpc616d/mJ8GSEGKkV6hsEOddyJeDlI9A6
         wV+PDf7rIn+LSVFcdSiDf5LsOzfWRMUO8bMldbDAnUIwLjHB2ffv4Gn3N1UM3KAG8YnF
         rdqINiRL5Y5xQ1zc73gHia2ccapGSE+K1j2+VK8J6BktwrG9CalE1TqHArGeZakbTFTe
         RC1A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:cc;
        bh=dFLpkWCFFnbfmyUmRL3BcaN5vD4XKvj/1ZQ54LyF+Ik=;
        b=uoVZkLTAy22Cp1vCqFPHR/XA99Z13qngwz0JrI9nqsoQcdlE84qBcTSVBQKUNofbWd
         NE3nMxespcJ7gv9FRy4PtEota0ut//PNGrzjNPLyCm7QCF9j9xyqq+a2yLcfVTCsEgWC
         V2uoEF521INqL4msTSAf8XnvwlE3GaColMKtu4/M0vb8DsG8qDQOEYs4uWW+nlaCSZXV
         wJ09ZIDpaOWEEjo8jPVt0ACPuNXAEPFD9ou+8H9nO6JjTZirjCPoa8Hd7VNPchZAPbn8
         FHJTJp8vwMR4H9h5pw7g2wlMjUDZGx415A1GVd+imA2EqiRmaQ+LLVYbmPjgXUnzGyrp
         k5gw==
X-Gm-Message-State: AElRT7GHPktrG6RMHqOoOMEoLvF8SkJ6PsXvbgGxZjkZLAutezzs4RRc
        TeUtM3P6Yw6oczcTwuy1PQFungq7nbi4D0mHSulM
X-Received: by 10.25.198.23 with SMTP id w23mr18985926lff.40.1520555210551;
 Thu, 08 Mar 2018 16:26:50 -0800 (PST)
MIME-Version: 1.0
Received: by 10.25.216.167 with HTTP; Thu, 8 Mar 2018 16:26:49 -0800 (PST)
X-Originating-IP: [108.20.156.165]
In-Reply-To: <f48d5d1f1e429e2dee817ae723f9a02a67ed1f3b.1518603831.git.rgb@redhat.com>
References: <cover.1518603831.git.rgb@redhat.com> <f48d5d1f1e429e2dee817ae723f9a02a67ed1f3b.1518603831.git.rgb@redhat.com>
From:   Paul Moore <paul@paul-moore.com>
Date:   Thu, 8 Mar 2018 19:26:49 -0500
Message-ID: <CAHC9VhTYqJ5v1MTqch624PS8d8YkgeEK4tEY5cUcgXgD8ofU1A@mail.gmail.com>
Subject: Re: [RFC PATCH ghak21 2/4] audit: link denied should not directly
 generate PATH record
To:     Richard Guy Briggs <rgb@redhat.com>
Cc:     Linux-Audit Mailing List <linux-audit@redhat.com>,
        LKML <linux-kernel@vger.kernel.org>,
        Eric Paris <eparis@redhat.com>,
        Steve Grubb <sgrubb@redhat.com>,
        Kees Cook <keescook@chromium.org>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Feb 14, 2018 at 11:18 AM, Richard Guy Briggs <rgb@redhat.com> wrote:
> Audit link denied events generate duplicate PATH records which disagree
> in different ways from symlink and hardlink denials.
> audit_log_link_denied() should not directly generate PATH records.
>
> See: https://github.com/linux-audit/audit-kernel/issues/21
> Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
> ---
>  kernel/audit.c | 14 +-------------
>  1 file changed, 1 insertion(+), 13 deletions(-)

Merged, thanks.

> diff --git a/kernel/audit.c b/kernel/audit.c
> index 4c3fd24..683b249 100644
> --- a/kernel/audit.c
> +++ b/kernel/audit.c
> @@ -2259,31 +2259,19 @@ void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
>  void audit_log_link_denied(const char *operation, const struct path *link)
>  {
>         struct audit_buffer *ab;
> -       struct audit_names *name;
>
>         if (!audit_enabled || audit_dummy_context())
>                 return;
>
> -       name = kzalloc(sizeof(*name), GFP_NOFS);
> -       if (!name)
> -               return;
> -
>         /* Generate AUDIT_ANOM_LINK with subject, operation, outcome. */
>         ab = audit_log_start(current->audit_context, GFP_KERNEL,
>                              AUDIT_ANOM_LINK);
>         if (!ab)
> -               goto out;
> +               return;
>         audit_log_format(ab, "op=%s", operation);
>         audit_log_task_info(ab, current);
>         audit_log_format(ab, " res=0");
>         audit_log_end(ab);
> -
> -       /* Generate AUDIT_PATH record with object. */
> -       name->type = AUDIT_TYPE_NORMAL;
> -       audit_copy_inode(name, link->dentry, d_backing_inode(link->dentry));
> -       audit_log_name(current->audit_context, name, link, 0, NULL);
> -out:
> -       kfree(name);
>  }
>
>  /**
> --
> 1.8.3.1
>



-- 
paul moore
www.paul-moore.com