From: Paul Moore
Date: Mon, 12 Mar 2018 11:53:03 -0400
Subject: Re: [PATCH ghak21 V2 3/4] audit: add refused symlink to audit_names
To: Richard Guy Briggs
Cc: Linux-Audit Mailing List, LKML

On Mon, Mar 12, 2018 at 11:26 AM, Richard Guy Briggs wrote:
> On 2018-03-12 11:12, Paul Moore wrote:
>> On Mon, Mar 12, 2018 at 2:31 AM, Richard Guy Briggs wrote:
>> > Audit link denied events for symlinks had duplicate PATH records rather
>> > than just updating the existing PATH record. Update the symlink's PATH
>> > record with the current dentry and inode information.
>> >
>> > See: https://github.com/linux-audit/audit-kernel/issues/21
>> > Signed-off-by: Richard Guy Briggs
>> > ---
>> > fs/namei.c | 1 +
>> > 1 file changed, 1 insertion(+)
>>
>> Why didn't you include this in patch 4/4 like I asked during the
>> previous review?
>
> Please see the last comment of:
> https://www.redhat.com/archives/linux-audit/2018-March/msg00070.html

Yes, I just saw that ... I hadn't seen your replies on the v1 patches
until I had finished reviewing v2. I just replied to that mail in the
v1 thread, but basically you need to figure out what is necessary here
and let us know. If I have to figure it out it likely isn't going to
get done with enough soak time prior to the upcoming merge window.

>> > diff --git a/fs/namei.c b/fs/namei.c >> > index 50d2533..00f5041 100644 >> > --- a/fs/namei.c >> > +++ b/fs/namei.c >> > @@ -945,6 +945,7 @@ static inline int may_follow_link(struct nameidata *nd) >> > if (nd->flags & LOOKUP_RCU) >> > return -ECHILD; >> > >> > + audit_inode(nd->name, nd->stack[0].link.dentry, 0); >> > audit_log_link_denied("follow_link", &nd->stack[0].link); >> > return -EACCES; >> > }
>>
>> paul moore
>
> - RGB
>
> --
> Richard Guy Briggs
> Sr. S/W Engineer, Kernel Security, Base Operating Systems
> Remote, Ottawa, Red Hat Canada
> IRC: rgb, SunRaycer
> Voice: +1.647.777.2635, Internal: (81) 32635

--
paul moore
www.paul-moore.com
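
Review bot: the added audit_inode(nd->name, nd->stack[0].link.dentry, 0) call in may_follow_link() passes a bare 0 as its last argument and has no comment explaining why the refused symlink has to be recorded immediately before audit_log_link_denied("follow_link", &nd->stack[0].link). A one-line comment tying it to the PATH record update described in the commit message would make the intent reviewable from the code alone. The commit message should also state how this one-line change relates to patch 4/4, since the thread shows that question was raised in the previous review and is still open, and the new call only runs on the path after the LOOKUP_RCU early return, which is worth stating explicitly.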