Date: Mon, 12 Mar 2018 11:30:49 -0400
From: Richard Guy Briggs
To: Paul Moore
Cc: Linux-Audit Mailing List, LKML
Subject: Re: [PATCH ghak21 V2 2/4] audit: link denied should not directly generate PATH record
Message-ID: <20180312153049.udobftmchbpb7lou@madcap2.tricolour.ca>
References: <9ed76ccb239078ad5a2808d23c7b7f1738b0b2b8.1520835596.git.rgb@redhat.com>
In-Reply-To:
User-Agent: NeoMutt/20171027
X-Mailing-List: linux-kernel@vger.kernel.org

On 2018-03-12 11:05, Paul Moore wrote:
> On Mon, Mar 12, 2018 at 2:31 AM, Richard Guy Briggs wrote:
> > Audit link denied events generate duplicate PATH records which disagree
> > in different ways from symlink and hardlink denials.
> > audit_log_link_denied() should not directly generate PATH records.
> > While we're at it, remove the now useless struct path argument.
> >
> > See: https://github.com/linux-audit/audit-kernel/issues/21
> > Signed-off-by: Richard Guy Briggs > > --- > > fs/namei.c | 2 +- > > include/linux/audit.h | 6 ++---- > > kernel/audit.c | 17 ++--------------- > > 3 files changed, 5 insertions(+), 20 deletions(-) > > I have no objection to the v2 change of removing the link parameter, > but this patch can not be merged as-is because the v1 patch has > already been merged into audit/next (as stated on the mailing list). Yes, I self-NACKed that patch. https://www.redhat.com/archives/linux-audit/2018-March/msg00070.html Is it not possible to drop it, or would you have to do a revert to avoid a rebase? > You need to respin this patch against audit/next and redo the > subject/description to indicate that you are just removing the unused > link parameter in this updated patch. So the way I had it in my devel tree rather than squashing it... > > diff --git a/fs/namei.c b/fs/namei.c > > index 9cc91fb..50d2533 100644 > > --- a/fs/namei.c > > +++ b/fs/namei.c > > @@ -1011,7 +1011,7 @@ static int may_linkat(struct path *link) > > if (safe_hardlink_source(inode) || inode_owner_or_capable(inode)) > > return 0; > > > > - audit_log_link_denied("linkat", link); > > + audit_log_link_denied("linkat"); > > return -EPERM; > > } > > > > diff --git a/include/linux/audit.h b/include/linux/audit.h > > index af410d9..75d5b03 100644 > > --- a/include/linux/audit.h > > +++ b/include/linux/audit.h > > @@ -146,8 +146,7 @@ extern void audit_log_d_path(struct audit_buffer *ab, > > const struct path *path); > > extern void audit_log_key(struct audit_buffer *ab, > > char *key); > > -extern void audit_log_link_denied(const char *operation, > > - const struct path *link); > > +extern void audit_log_link_denied(const char *operation); > > extern void audit_log_lost(const char *message); > > > > extern int audit_log_task_context(struct audit_buffer *ab); 
> > @@ -194,8 +193,7 @@ static inline void audit_log_d_path(struct audit_buffer *ab, > > { } > > static inline void audit_log_key(struct audit_buffer *ab, char *key) > > { } > > -static inline void audit_log_link_denied(const char *string, > > - const struct path *link) > > +static inline void audit_log_link_denied(const char *string) > > { } > > static inline int audit_log_task_context(struct audit_buffer *ab) > > { > > diff --git a/kernel/audit.c b/kernel/audit.c > > index 7026d69..e54deaf 100644 > > --- a/kernel/audit.c > > +++ b/kernel/audit.c 
> > @@ -2301,36 +2301,23 @@ void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk) > > /** > > * audit_log_link_denied - report a link restriction denial > > * @operation: specific link operation > > - * @link: the path that triggered the restriction > > */ > > -void audit_log_link_denied(const char *operation, const struct path *link) > > +void audit_log_link_denied(const char *operation) > > { > > struct audit_buffer *ab; > > - struct audit_names *name; > > > > if (!audit_enabled || audit_dummy_context()) > > return; > > > > - name = kzalloc(sizeof(*name), GFP_NOFS); > > - if (!name) > > - return; > > - > > /* Generate AUDIT_ANOM_LINK with subject, operation, outcome. */ > > ab = audit_log_start(current->audit_context, GFP_KERNEL, > > AUDIT_ANOM_LINK); > > if (!ab) > > - goto out; > > + return; > > audit_log_format(ab, "op=%s", operation); > > audit_log_task_info(ab, current); > > audit_log_format(ab, " res=0"); > > audit_log_end(ab); > > - > > - /* Generate AUDIT_PATH record with object. */ > > - name->type = AUDIT_TYPE_NORMAL; > > - audit_copy_inode(name, link->dentry, d_backing_inode(link->dentry)); > > - audit_log_name(current->audit_context, name, link, 0, NULL); > > -out: > > - kfree(name); > > } > > > > /** > > -- > > 1.8.3.1 > > > > > > -- > paul moore > www.paul-moore.com > > -- > Linux-audit mailing list > Linux-audit@redhat.com > https://www.redhat.com/mailman/listinfo/linux-audit - RGB -- Richard Guy Briggs Sr. S/W Engineer, Kernel Security, Base Operating Systems Remote, Ottawa, Red Hat Canada IRC: rgb, SunRaycer Voice: +1.647.777.2635, Internal: (81) 32635
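Review bot: in the fs/namei.c hunk, dropping `link` from the audit_log_link_denied("linkat") call means the ANOM_LINK record itself no longer names the object; per the commit message the object is still covered by the syscall's own PATH records (the ones that were being duplicated), so the description should say explicitly that consumers must correlate the ANOM_LINK record with the PATH records of the same audit event rather than expect a path inside the ANOM_LINK record.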
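Review bot: the first include/linux/audit.h hunk (the extern prototype) is, together with the stub and the namei.c caller, all that remains of this change once v1 is already in audit/next, as noted in the reply above; respin it as a pure "remove the unused link parameter" patch with the subject and description rewritten to match, since the current subject and body describe the PATH-record removal that has already been merged.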
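Review bot: the second include/linux/audit.h hunk leaves the !CONFIG_AUDIT stub's parameter named `string` while the real declaration in the preceding hunk uses `operation`; since the line is being rewritten anyway, `static inline void audit_log_link_denied(const char *operation)` keeps the two declarations consistent.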
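Review bot: in the kernel/audit.c hunk the `goto out` / `out: kfree(name)` cleanup is correctly collapsed to a plain `return` now that the kzalloc of `name` is gone and `audit_log_start()` is the function's only allocation, but the kernel-doc loses its only mention of the object with the removed "@link" line; add a sentence to the header noting that the object is reported by the syscall's PATH records and not by this function, so the next reader does not reintroduce a per-call PATH record.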