From: Paul Moore
Date: Mon, 12 Mar 2018 11:05:12 -0400
Subject: Re: [PATCH ghak21 V2 2/4] audit: link denied should not directly generate PATH record
To: Richard Guy Briggs
Cc: Linux-Audit Mailing List, LKML, Eric Paris, Steve Grubb, Kees Cook
In-Reply-To: <9ed76ccb239078ad5a2808d23c7b7f1738b0b2b8.1520835596.git.rgb@redhat.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Mar 12, 2018 at 2:31 AM, Richard Guy Briggs wrote:
> Audit link denied events generate duplicate PATH records which disagree
> in different ways from symlink and hardlink denials.
> audit_log_link_denied() should not directly generate PATH records.
> While we're at it, remove the now useless struct path argument.
>
> See: https://github.com/linux-audit/audit-kernel/issues/21
> Signed-off-by: Richard Guy Briggs > --- > fs/namei.c | 2 +- > include/linux/audit.h | 6 ++---- > kernel/audit.c | 17 ++--------------- > 3 files changed, 5 insertions(+), 20 deletions(-) I have no objection to the v2 change of removing the link parameter, but this patch can not be merged as-is because the v1 patch has already been merged into audit/next (as stated on the mailing list). You need to respin this patch against audit/next and redo the subject/description to indicate that you are just removing the unused link parameter in this updated patch. > diff --git a/fs/namei.c b/fs/namei.c > index 9cc91fb..50d2533 100644 > --- a/fs/namei.c > +++ b/fs/namei.c > @@ -1011,7 +1011,7 @@ static int may_linkat(struct path *link) > if (safe_hardlink_source(inode) || inode_owner_or_capable(inode)) > return 0; > > - audit_log_link_denied("linkat", link); > + audit_log_link_denied("linkat"); > return -EPERM; > } > > diff --git a/include/linux/audit.h b/include/linux/audit.h > index af410d9..75d5b03 100644 > --- a/include/linux/audit.h > +++ b/include/linux/audit.h > @@ -146,8 +146,7 @@ extern void audit_log_d_path(struct audit_buffer *ab, > const struct path *path); > extern void audit_log_key(struct audit_buffer *ab, > char *key); > -extern void audit_log_link_denied(const char *operation, > - const struct path *link); > +extern void audit_log_link_denied(const char *operation); > extern void audit_log_lost(const char *message); > > extern int audit_log_task_context(struct audit_buffer *ab); > @@ -194,8 +193,7 @@ static inline void audit_log_d_path(struct audit_buffer *ab, > { } > static inline void audit_log_key(struct audit_buffer *ab, char *key) > { } > -static inline void audit_log_link_denied(const char *string, > - const struct path *link) > +static inline void audit_log_link_denied(const char *string) > { } > static inline int audit_log_task_context(struct audit_buffer *ab) > { > diff --git a/kernel/audit.c b/kernel/audit.c > index 7026d69..e54deaf 100644 
> --- a/kernel/audit.c > +++ b/kernel/audit.c > @@ -2301,36 +2301,23 @@ void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk) > /** > * audit_log_link_denied - report a link restriction denial > * @operation: specific link operation > - * @link: the path that triggered the restriction > */ > -void audit_log_link_denied(const char *operation, const struct path *link) > +void audit_log_link_denied(const char *operation) > { > struct audit_buffer *ab; > - struct audit_names *name; > > if (!audit_enabled || audit_dummy_context()) > return; > > - name = kzalloc(sizeof(*name), GFP_NOFS); > - if (!name) > - return; > - > /* Generate AUDIT_ANOM_LINK with subject, operation, outcome. */ > ab = audit_log_start(current->audit_context, GFP_KERNEL, > AUDIT_ANOM_LINK); > if (!ab) > - goto out; > + return; > audit_log_format(ab, "op=%s", operation); > audit_log_task_info(ab, current); > audit_log_format(ab, " res=0"); > audit_log_end(ab); > - > - /* Generate AUDIT_PATH record with object. */ > - name->type = AUDIT_TYPE_NORMAL; > - audit_copy_inode(name, link->dentry, d_backing_inode(link->dentry)); > - audit_log_name(current->audit_context, name, link, 0, NULL); > -out: > - kfree(name); > } > > /** > -- > 1.8.3.1 > -- paul moore www.paul-moore.com
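Review bot: in the fs/namei.c hunk only the may_linkat() call site is converted, and the diffstat shows a single changed line in that file. Because the prototype in include/linux/audit.h drops the second argument, any other caller that still passes a path will fail to build. The description should state that every call site of audit_log_link_denied() was checked, or the patch should convert the remaining ones.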
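Review bot: in the second include/linux/audit.h hunk (the empty static inline stub at -194,8) the parameter is still named `string`, while the extern declaration in the first hunk and the kernel-doc in kernel/audit.c call it `operation`. The line is being rewritten anyway, so make it `static inline void audit_log_link_denied(const char *operation)` and keep the two variants consistent.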
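Review bot: in the kernel/audit.c hunk the kernel-doc loses `@link` and the "Generate AUDIT_PATH record with object" block goes away, but nothing left in the function header says where the object is reported now. Add a sentence to the audit_log_link_denied() comment stating that it emits only AUDIT_ANOM_LINK and that the denied link's PATH record is left to the records already collected in current->audit_context, so a later caller does not assume the function still logs the path.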