Received: by 10.192.165.148 with SMTP id m20csp147303imm; Thu, 19 Apr 2018 18:12:22 -0700 (PDT) X-Google-Smtp-Source: AIpwx4+MujxeG3MJPSqbEHEjP1d3VGKonx3zth6NAkUYA+8TZ67UfuzHBdPQnL6cTj3pBS3OzpJc X-Received: by 10.99.126.9 with SMTP id z9mr6962235pgc.437.1524186742388; Thu, 19 Apr 2018 18:12:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1524186742; cv=none; d=google.com; s=arc-20160816; b=reqnnvvLEe2UctZmlSScNTCBZhjbrqgSHwHq9HIiRDhFhOTiKLribORQ345l6kH0TV Fn4t9mE+AgXT4hK2uJ8gQ8EgAG/8qAc2iy90GM1+MrA3BAe6P9kSYzbKE+6hM0kE9Xrt 3tNNYPRY1ZczqoYbwPB/dWATDOJtGJE3/BMMmhERoZMsrjcYzhgfbtCGYFiLCz+zmrN2 iL6HCJsA8vuh7kFlLd1HfnHKjXGRFeHAErXhgcjrIou8l8yInLNRXXnLn4EcCb+j7i2Y uBu4SwBnK63cPaNgBlvrbgJOoFhjHdn5gGCRnIGboVX2HW7hRC6Nz/GNpmkd0K+9pBkH ysjw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:arc-authentication-results; bh=F/Qxu/s6o8plx7ntqxx+m9VwjTJUj/AibIcUQG+6kLk=; b=PH7Fqb/k9RMetc8jatpI3cIUOZbBZYv7/a0EE0if8L2ePvmm2jqHK46G/Yc/QYOIWx zYKAzyzJ1HQzv0KC4SEoc3Hi1IlJrhd7GOJt+w97gBDkMXYZA+TyTpksqgpIe9AzVG1J NNz2nl2A4DIg529oMFAU1I1U+FQ7f/n+S6gqXpfAndY32WzZJBdVxC5LQ6ytr/tVfdQN h+G8iLNNbyWhTI2zHmzrlAQL/FsqSK/h3Z3bIQZAku0ZawNMChGmPUe47c4BhK2b4Qpz Rub0uD2vmogxjSKW2tAJO9Us7cCQYPpVbZs5KGtGYmRlovMVwpDi3x/Af+BLVs0bzKYz FNBg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y70si4384477pfg.121.2018.04.19.18.12.08; Thu, 19 Apr 2018 18:12:22 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754245AbeDTBJ3 (ORCPT + 99 others); Thu, 19 Apr 2018 21:09:29 -0400 Received: from mx3-rdu2.redhat.com ([66.187.233.73]:39692 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1754002AbeDTBJ0 (ORCPT ); Thu, 19 Apr 2018 21:09:26 -0400 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 054B14073191; Fri, 20 Apr 2018 01:09:26 +0000 (UTC) Received: from madcap2.tricolour.ca (ovpn-112-12.rdu2.redhat.com [10.10.112.12]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 1923710EE6CC; Fri, 20 Apr 2018 01:09:15 +0000 (UTC) Date: Thu, 19 Apr 2018 21:03:20 -0400 From: Richard Guy Briggs To: Paul Moore Cc: cgroups@vger.kernel.org, containers@lists.linux-foundation.org, linux-api@vger.kernel.org, Linux-Audit Mailing List , linux-fsdevel@vger.kernel.org, LKML , netdev@vger.kernel.org, ebiederm@xmission.com, luto@kernel.org, jlayton@redhat.com, carlos@redhat.com, dhowells@redhat.com, viro@zeniv.linux.org.uk, simo@redhat.com, Eric Paris , serge@hallyn.com Subject: Re: [RFC PATCH ghak32 V2 05/13] audit: add containerid support for ptrace and signals Message-ID: <20180420010320.panie6mtdafxl65y@madcap2.tricolour.ca> References: <8c7ff567377f4a83edac48e962c1b5b824b523c8.1521179281.git.rgb@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: NeoMutt/20171027 X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.5]); Fri, 20 Apr 2018 01:09:26 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.5]); Fri, 20 Apr 2018 01:09:26 +0000 (UTC) for IP:'10.11.54.3' DOMAIN:'int-mx03.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'rgb@redhat.com' RCPT:'' Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2018-04-18 20:32, Paul Moore wrote: > On Fri, Mar 16, 2018 at 5:00 AM, Richard Guy Briggs wrote: > > Add container ID support to ptrace and signals. In particular, the "op" > > field provides a way to label the auxiliary record to which it is > > associated. > > > > Signed-off-by: Richard Guy Briggs > > --- > > include/linux/audit.h | 16 +++++++++++----- > > kernel/audit.c | 12 ++++++++---- > > kernel/audit.h | 2 ++ > > kernel/auditsc.c | 19 +++++++++++++++---- > > 4 files changed, 36 insertions(+), 13 deletions(-) > > ... > > > diff --git a/kernel/audit.c b/kernel/audit.c > > index a12f21f..b238be5 100644 > > --- a/kernel/audit.c > > +++ b/kernel/audit.c > > @@ -142,6 +142,7 @@ struct audit_net { > > kuid_t audit_sig_uid = INVALID_UID; > > pid_t audit_sig_pid = -1; > > u32 audit_sig_sid = 0; > > +u64 audit_sig_cid = INVALID_CID; > > > > /* Records can be lost in several ways: > > 0) [suppressed in audit_alloc] > > @@ -1438,6 +1439,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) > > memcpy(sig_data->ctx, ctx, len); > > security_release_secctx(ctx, len); > > } > > + sig_data->cid = audit_sig_cid; > > audit_send_reply(skb, seq, AUDIT_SIGNAL_INFO, 0, 0, > > sig_data, sizeof(*sig_data) + len); > > kfree(sig_data); > > @@ -2051,20 +2053,22 @@ void audit_log_session_info(struct audit_buffer *ab) > > > > /* > > * audit_log_container_info - report container info > > - * @tsk: task to be recorded > > * @context: task or local context for record > > + * @op: containerid string description > > + * @containerid: container ID to report > > */ > > -int audit_log_container_info(struct task_struct *tsk, struct audit_context *context) > > +int audit_log_container_info(struct audit_context *context, > > + char *op, u64 containerid) > > { > > struct audit_buffer *ab; > > > > - if (!audit_containerid_set(tsk)) > > + if (!cid_valid(containerid)) > > return 0; > > /* Generate AUDIT_CONTAINER_INFO with container ID */ > > ab = audit_log_start(context, GFP_KERNEL, AUDIT_CONTAINER_INFO); > > if (!ab) > > return -ENOMEM; > > - audit_log_format(ab, "contid=%llu", audit_get_containerid(tsk)); > > + audit_log_format(ab, "op=%s contid=%llu", op, containerid); > > audit_log_end(ab); > > return 0; > > } > > Let's get these changes into the first patch where > audit_log_container_info() is defined. Why? This inserts a new field > into the record which is a no-no. Yes, it is one single patchset, but > they are still separate patches and who knows which patches a given > distribution and/or tree may decide to backport. Fair enough. That first thought went through my mind... Would it be sufficient to move that field addition to the first patch and leave the rest here to support trace and signals? > > diff --git a/kernel/auditsc.c b/kernel/auditsc.c > > index 2bba324..2932ef1 100644 > > --- a/kernel/auditsc.c > > +++ b/kernel/auditsc.c > > @@ -113,6 +113,7 @@ struct audit_aux_data_pids { > > kuid_t target_uid[AUDIT_AUX_PIDS]; > > unsigned int target_sessionid[AUDIT_AUX_PIDS]; > > u32 target_sid[AUDIT_AUX_PIDS]; > > + u64 target_cid[AUDIT_AUX_PIDS]; > > char target_comm[AUDIT_AUX_PIDS][TASK_COMM_LEN]; > > int pid_count; > > }; > > @@ -1422,21 +1423,27 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts > > for (aux = context->aux_pids; aux; aux = aux->next) { > > struct audit_aux_data_pids *axs = (void *)aux; > > > > - for (i = 0; i < axs->pid_count; i++) > > + for (i = 0; i < axs->pid_count; i++) { > > + char axsn[sizeof("aux0xN ")]; > > + > > + sprintf(axsn, "aux0x%x", i); > > if (audit_log_pid_context(context, axs->target_pid[i], > > axs->target_auid[i], > > axs->target_uid[i], > > axs->target_sessionid[i], > > axs->target_sid[i], > > - axs->target_comm[i])) > > + axs->target_comm[i]) > > + && audit_log_container_info(context, axsn, axs->target_cid[i])) > > Shouldn't this be an OR instead of an AND? Yes. Bash-brain... > > call_panic = 1; > > + } > > } > > > > if (context->target_pid && > > audit_log_pid_context(context, context->target_pid, > > context->target_auid, context->target_uid, > > context->target_sessionid, > > - context->target_sid, context->target_comm)) > > + context->target_sid, context->target_comm) > > + && audit_log_container_info(context, "target", context->target_cid)) > > Same question. Yes. > > call_panic = 1; > > > > if (context->pwd.dentry && context->pwd.mnt) { > > -- > paul moore > www.paul-moore.com - RGB -- Richard Guy Briggs Sr. S/W Engineer, Kernel Security, Base Operating Systems Remote, Ottawa, Red Hat Canada IRC: rgb, SunRaycer Voice: +1.647.777.2635, Internal: (81) 32635