Received: by 10.192.165.156 with SMTP id m28csp552809imm; Tue, 17 Apr 2018 15:08:27 -0700 (PDT) X-Google-Smtp-Source: AIpwx4+IKMjmrmFi+I8aVnnUVDPE+dTbflUr6tSlYigVp4WktDr/JKJUKMQfLSxrJeMmQ9JwCTwS X-Received: by 2002:a17:902:7004:: with SMTP id y4-v6mr3728150plk.3.1524002907562; Tue, 17 Apr 2018 15:08:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1524002907; cv=none; d=google.com; s=arc-20160816; b=CP6FUgGDULNTBUwPrW+QB+cJsOZgEeL6RwOKDZdo4LCa3sNIZm4H+AHpVA8P0tPSHU rdVbHyODhrmV3025NTBhu/n6nvNQnEpE7hUB4g5mhEaMXcnOxxKp+IHWGhlmAb5alqyp WFf9qzOr6hBzKoDxO128BxaV8eJNehW4zNZbYEosMaQ37U/6Ib65Hswn3Rxn1IUq/iBT VFP9y4GUPdwKYNqsqVPTydqNIevkYeW++TUhpmjsO3dnZQWkM9lDx7Hs6d1c50ux5WIb JDLRyItltCQ7sIxfpofK9br9d92RfmHitlR6x/vl8cTP5hhPvrUudoOvMV11ysa9vdbZ fQ0Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=LF71yveolY+LrLfB0MVUoMmtZ+6HVQWRtWmhU599snI=; b=ShPzAe8GnhxLaUl9uggc7uwBdD+7Nx9Lz7ngFepuD/IY2vwYrR2LqPP/ZTmio2kQJ1 L8VewqAOsP638H0XeGN0n7F+D5FAg9L9YzXoY486nmWnZtSfTMoQRrxW4S3XiyUEvH97 AJOpSsqGK1zk0kx9OEk/liRFNUA9CyUpKZqS/qvpvFGYK9N2S7EAXDcEyieS4Hj+ZMr7 jYCpSJb8U8+dcZbC9BJHHHufGr2pZvl817Jjuu0PfEwyF2v7tvc5pi1c9BXc4p8Q/Y3B FOZiKje4qN5de5mmJHwC9lfIdoJ1T+pbU2bfi5BFKKWhzpJ7JdtSd+qQFBMO+1XMNMWq t8ag== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=KQQTpmEe; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x10-v6si14865485plv.563.2018.04.17.15.08.13; Tue, 17 Apr 2018 15:08:27 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=KQQTpmEe; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753071AbeDQWG2 (ORCPT + 99 others); Tue, 17 Apr 2018 18:06:28 -0400 Received: from mail-lf0-f67.google.com ([209.85.215.67]:33236 "EHLO mail-lf0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752939AbeDQWG1 (ORCPT ); Tue, 17 Apr 2018 18:06:27 -0400 Received: by mail-lf0-f67.google.com with SMTP id d79-v6so3810856lfd.0 for ; Tue, 17 Apr 2018 15:06:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=LF71yveolY+LrLfB0MVUoMmtZ+6HVQWRtWmhU599snI=; b=KQQTpmEedPpNh20f/T8EvaaZJO23gRTFlrQg05oohlkH6NDiYvXZEkMFIv8m3R8C3P DIgwmiw95qpNy7fBpHyO6q8TIjA77LgkXn6ftQ+JtJTcYTN+Lv3C+A65ma9EcW6Ku8Sg CQR/f69Q0cv7Da+r7k/BY1a7tS7yMWN20kOgYy+bzCk7lm0ycHQeiB2Tn+hhXBijDHu1 JLkKZJx3DKmwSwDO0q6mXAw4dB7RenPCj57fRoe5bCk2Jory44PSO/rN+936QwIdNS4L oiYZqKUcjfgURJ/iiROHhHeFuFuOSeNWaAE7EuW72mggN06dc+To0o8qBRyO6lVf4MO9 DR0A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=LF71yveolY+LrLfB0MVUoMmtZ+6HVQWRtWmhU599snI=; b=kjAoTQ+6tmmTEWo9QvuRtXdLXtuqv9jxobPMqQ3iE4nRDspHGgattTbwonicKGspk/ BZDG6Hw9T1aQK7d9bMWkCJaeeZTVFSn/+bXZ9e3UX5+HAd1Hn5zz7kbtbDP668bmsyN5 6ovWmuoOfcXzl4IH/Q7108XcvXuytv5apfA69s6IuqwKtbo0HyJsMuz3KfkPaZEY2Nli c2NEqcFAKHU9rU8n9crLIRTNToCYJwmCmPWJRsxavrpFA3NSw8tjMIaHPtlEIk1xcNLF WOIk5aCUcHQXC395lRWcdF0V1ouh/ogsytVv61tkDSX5HpwyNCBHu8NM9lNCSJDew7iC bOGw== X-Gm-Message-State: ALQs6tAKCq84TvUFfj35YrhuJJEchMxsePYx8shebOyaQyhnGBGxjDJT e8cIIoO3nkfdGeNy6BB/19mEHX2jb7Y4xVeh9zd7 X-Received: by 10.46.135.7 with SMTP id m7mr2652004lji.106.1524002785623; Tue, 17 Apr 2018 15:06:25 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a19:a5c3:0:0:0:0:0 with HTTP; Tue, 17 Apr 2018 15:06:24 -0700 (PDT) X-Originating-IP: [108.20.156.165] In-Reply-To: <08bd08ee9bc70f6e98b9e298ba6a2c0f4dcadb4b.1523372093.git.rgb@redhat.com> References: <08bd08ee9bc70f6e98b9e298ba6a2c0f4dcadb4b.1523372093.git.rgb@redhat.com> From: Paul Moore Date: Tue, 17 Apr 2018 18:06:24 -0400 Message-ID: Subject: Re: [PATCH ghak80 V1] audit: add syscall information to FEATURE_CHANGE records To: Richard Guy Briggs Cc: Linux-Audit Mailing List , LKML , Eric Paris , Steve Grubb Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Apr 11, 2018 at 8:46 AM, Richard Guy Briggs wrote: > Tie syscall information to FEATURE_CHANGE calls since it is a result of > user action. > > See: https://github.com/linux-audit/audit-kernel/issues/80 > > Signed-off-by: Richard Guy Briggs > --- > kernel/audit.c | 5 ++--- > 1 file changed, 2 insertions(+), 3 deletions(-) > > diff --git a/kernel/audit.c b/kernel/audit.c > index 8da24ef..23f125b 100644 > --- a/kernel/audit.c > +++ b/kernel/audit.c > @@ -1103,10 +1103,9 @@ static void audit_log_feature_change(int which, u32 old_feature, u32 new_feature > { > struct audit_buffer *ab; > > - if (audit_enabled == AUDIT_OFF) > + if (!audit_enabled) Sooo, this is an unrelated style change, why? Looking at the rest of kernel/audit.c we seem to use a mix of "(!x)" and "(x == 0/CONST)" so why are you adding noise to this patch? > return; > - > - ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_FEATURE_CHANGE); > + ab = audit_log_start(current->audit_context, GFP_KERNEL, AUDIT_FEATURE_CHANGE); This is the important part, and the Right Thing To Do. > if (!ab) > return; > audit_log_task_info(ab, current); > -- > 1.8.3.1 -- paul moore www.paul-moore.com