Received: by 10.213.65.68 with SMTP id h4csp668047imn; Tue, 13 Mar 2018 17:23:52 -0700 (PDT) X-Google-Smtp-Source: AG47ELvlCPBKnUDPhp+taYQJiGnw7ikEgshbg3x9fgSqHGciGyGugokJURMTQkAYLt/e7dYo68Be X-Received: by 2002:a17:902:3084:: with SMTP id v4-v6mr2283175plb.102.1520987032601; Tue, 13 Mar 2018 17:23:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1520987032; cv=none; d=google.com; s=arc-20160816; b=ze9hPBYqbVp8v2R4QUIFCOw4xnESa7G6rJ/ADySVRjb9u6jAnROkQD1sYSe1Bs60/G /5NK0zsn4Opkut3gw4b8x0ux/CJkgeP1mNKV0Q/g/8qM4m0J5rhy2mChbea//HYCV1dO U6BCrsfHoCgxyrqnUCpv1DzsImEm67jifWJmlmjfmhACtbDkrn+ErXuI2OwRE8Va/VeY PHO9+zonsBJqX1C88Pdevi7NHWcaOG5HBIAb54hf0E3nUs/neNryEwUBSOw1l+KUBtrQ MPkoVozY9S3Nxts2qKnuqewZbBC/7iF2XYbZ9zVCtlk6NgZ2Q7KaB3hAkQ0+hw4JgSkF XJ4w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dmarc-filter :arc-authentication-results; bh=ZaGV9As12G5kBJUJKi5/fQVESVLJnDxV55NAJpzKSJI=; b=jsCSMxR2trS3hsJamED4oUdl+TVsgHXanRn/8Pf+3FdQqxr70kfJ8lGvRJ7wAKBW4o p6C11ctLIAQ2L4DCw8g/E94mHotHZj1ZVeU2i0pAKi/KGGGNrxGLiiPvn9UZlFhGUDkk io/GMoMudDL6LmdV3BAXoQD+AYBOtsl3TwDStNHSr6OBhztTW0uwyfz4Uw1aey0ry9hK 7YNNl7RYl6XIrbaA3oiBR8m8g5o6vaOdlViorxuBbPsuS+ZP8uEsBb3w264JTDDkazu/ 1pku8QdHrAD1/2uxUROwXXLLnu3arsxHUd7Nukw0DQ1ikWB5RcMM8e0nch23awGbSZXi TZkQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b187si891092pgc.205.2018.03.13.17.23.38; Tue, 13 Mar 2018 17:23:52 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932933AbeCNAWp (ORCPT + 99 others); Tue, 13 Mar 2018 20:22:45 -0400 Received: from mail.kernel.org ([198.145.29.99]:42828 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932634AbeCNAWo (ORCPT ); Tue, 13 Mar 2018 20:22:44 -0400 Received: from mail-it0-f51.google.com (mail-it0-f51.google.com [209.85.214.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 9FCAC205F4 for ; Wed, 14 Mar 2018 00:22:43 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 9FCAC205F4 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=luto@kernel.org Received: by mail-it0-f51.google.com with SMTP id n136-v6so2361824itg.5 for ; Tue, 13 Mar 2018 17:22:43 -0700 (PDT) X-Gm-Message-State: AElRT7FfdUyiwrzntHOKV8icfC1fs7uUsmlOtAJne8M1wkf24kzDTDln zxmp8ggifl0K5/rV/C0xq3peJUF5hxvW8u+7mbLMsw== X-Received: by 10.36.78.14 with SMTP id r14mr43236ita.146.1520986963089; Tue, 13 Mar 2018 17:22:43 -0700 (PDT) MIME-Version: 1.0 Received: by 10.2.137.101 with HTTP; Tue, 13 Mar 2018 17:22:22 -0700 (PDT) In-Reply-To: <20180310111535.2e3202bc@ivy-bridge> References: <20180310111535.2e3202bc@ivy-bridge> From: Andy Lutomirski Date: Wed, 14 Mar 2018 00:22:22 +0000 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH] audit: set TIF_AUDIT_SYSCALL only if audit filter has been populated To: Steve Grubb Cc: Paul Moore , Jiri Kosina , Andy Lutomirski , linux-audit@redhat.com, Andrew Morton , Michal Hocko , Oleg Nesterov , LKML Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Mar 10, 2018 at 10:15 AM, Steve Grubb wrote: > On Wed, 7 Mar 2018 18:43:42 -0500 > Paul Moore wrote: >> ... and I just realized that linux-audit isn't on the To/CC line, >> adding them now. >> >> Link to the patch is below. >> >> * https://marc.info/?t=152041887600003&r=1&w=2 > > Yes...I wished I was in on the beginning of this discussion. Here's the > problem. We need all tasks auditable unless specifically dismissed as > uninteresting. This would be a task,never rule. > > The way we look at it, is if it boots with audit=1, then we know auditd > is expected to run at some point. So, we need all tasks to stay > auditable. If they weren't and auditd enabled auditing, then we'd need > to walk the whole proctable and stab TIF_AUDIT_SYSCALL into every > process in the system. It was decided that this is too ugly. When was that decided? That's what this patch does.