Received: by 10.192.165.148 with SMTP id m20csp446258imm; Fri, 20 Apr 2018 09:15:04 -0700 (PDT) X-Google-Smtp-Source: AIpwx4+Z0FnBjYyK0MsO4dVPiMbtMw32wd1JA4ElPHZ+FKMRHwSbBrnfBsy8tTswL4AYJXArRqCK X-Received: by 10.101.73.68 with SMTP id q4mr9253641pgs.424.1524240904231; Fri, 20 Apr 2018 09:15:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1524240904; cv=none; d=google.com; s=arc-20160816; b=kgXkDxbDFx1/nIOamtKVZw4peEhbi00kT2/AQmBTBfEmqq6s8bRsnIZC1wSwK6w4VE B/L2NZXX5t4VaUVQvxK+oCS9hgrNjjtkF2Yzlp4qA27zIi5+rpV99doqKW50MEXxi/Uc xOB5cZ+bmZAmaPAv78a4LIaD8dHU0FfW0GZsqPmfeWUN2kNXMOle2kPFnl21TFNHKj3h yGmon2M2r3Kt60tE+0orneMJgKhZfCW1WThwJfQbFsIhZR4TxiAUFsdT9Rxi/kyWv0wn JQUQK37uhmav/4rD4rfYHD5JYW+i9ARdZ8OMb861Dqblhkvpuy4X+VlTUF/3DhEIHtdA NXEg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=lSWrz9xMdOzMQkDy7Ure7s+aPdAyW/aBIlB0VEdxE9c=; b=oYv1lNVAIOyasz5QYtYya9ji1JDBRR6HUOhuRffnDI5M5Jz/arkSxkok9X25sQSmzc DgaG/+Z2AeS9iNmprzD1RmHj0fEJKJleSocWHV0ltjjRwCB1skW7dQFBMIvGQZ2l1oJV gp4qkk+Ymz2gQjtdhO7LAWF99xBCaIDwxVye7xCBFcBpJ3xKdGcrC4g3a8KB7UqQWVAr p006GUB+NGn4BmiOnq7Y0FsRW3zg5iYVjdcF18SoUUki4ps0zZaRSfNbnaYpYZ7rUw2W h7MgJktdHlusoEdWIl37TYY9YAkYSuqAp67sq/JvdQgEMgXlCkAdP2e9Ph0sHHKWbY4U +tCQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=DmHxRF+A; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e5-v6si5888599plt.209.2018.04.20.09.14.48; Fri, 20 Apr 2018 09:15:04 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=DmHxRF+A; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751381AbeDTQNm (ORCPT + 99 others); Fri, 20 Apr 2018 12:13:42 -0400 Received: from mail-lf0-f68.google.com ([209.85.215.68]:42220 "EHLO mail-lf0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750841AbeDTQNj (ORCPT ); Fri, 20 Apr 2018 12:13:39 -0400 Received: by mail-lf0-f68.google.com with SMTP id u21-v6so4310611lfu.9 for ; Fri, 20 Apr 2018 09:13:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=lSWrz9xMdOzMQkDy7Ure7s+aPdAyW/aBIlB0VEdxE9c=; b=DmHxRF+A9T6qjrxs2iBGTWcSS17V8jdDstPTgXJCefsOwtYhyEuYe0vvEIKLWneQzy wCbEj8jawi/qdmP1iEj6GtsILZxG1Ezmu/SIH04ZKe4SCI8gDTKnAuXUnpvE8R9EXNeO S2HswrKhoed+n22+SSSe6nq5JrF6k/GT2KOEG3GkXVjMFKnchkJRhlorc9I0Y/IaR+Jj F9BFDeldeD3FZG15/OUaVl8dkMdFjMONLAhQKtcPAOqvy1uREbRv9OiwBhPXVmmSAWyX IcJ4IB5Yx7FEiip9yTrI4B0hWuC0CgKaL2cO1Z89OJBv20YpYlpMGxC9p8x2op+QSzS/ hALA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=lSWrz9xMdOzMQkDy7Ure7s+aPdAyW/aBIlB0VEdxE9c=; b=OKxodffrjw/qZG91H6ECy5eC/rjbYW1Ep6C58Gsv+h4y6rCJWW3fv2RGp9i8ksf91x VBTfNZSobb9o8EZG3oxBT+pS/YDP1QSNZTEaxLWpJZ0GU5hXTVp2k5MHSqEjKL7LVdQu fR9aLh7/uIspKD0RcbWWN672jfxMiQLmCG432EbD4bT+P5NnzHAokd+NRqRo2bdNZTfF ZDYhSHlLwvpcHrcqVsJWlsvDiDHL6LQTjqEqZ9NTc5A6NJ6sD3hyBgsnts8/MVWZ7hD7 7y6lNLu9xryEBnwxlVLbILj1k1G+j4bDxLjdbVy2ZwgFyX1RzM3ipcb/l3pi/nlhlaLf 30iw== X-Gm-Message-State: ALQs6tADkbUT2SaRI2OEyv4cRBH28vd/wU4xdZxf+VHc8D1T1cUI2Xtt WcNzNkhCDciTMBjJVoH3m2tEtPPkD5f0drmzsD+G X-Received: by 10.46.0.208 with SMTP id e77mr7900967lji.12.1524240818079; Fri, 20 Apr 2018 09:13:38 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a19:a5c3:0:0:0:0:0 with HTTP; Fri, 20 Apr 2018 09:13:37 -0700 (PDT) X-Originating-IP: [108.20.156.165] In-Reply-To: <20180420010320.panie6mtdafxl65y@madcap2.tricolour.ca> References: <8c7ff567377f4a83edac48e962c1b5b824b523c8.1521179281.git.rgb@redhat.com> <20180420010320.panie6mtdafxl65y@madcap2.tricolour.ca> From: Paul Moore Date: Fri, 20 Apr 2018 12:13:37 -0400 Message-ID: Subject: Re: [RFC PATCH ghak32 V2 05/13] audit: add containerid support for ptrace and signals To: Richard Guy Briggs Cc: cgroups@vger.kernel.org, containers@lists.linux-foundation.org, linux-api@vger.kernel.org, Linux-Audit Mailing List , linux-fsdevel@vger.kernel.org, LKML , netdev@vger.kernel.org, ebiederm@xmission.com, luto@kernel.org, jlayton@redhat.com, carlos@redhat.com, dhowells@redhat.com, viro@zeniv.linux.org.uk, simo@redhat.com, Eric Paris , serge@hallyn.com Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Apr 19, 2018 at 9:03 PM, Richard Guy Briggs wrote: > On 2018-04-18 20:32, Paul Moore wrote: >> On Fri, Mar 16, 2018 at 5:00 AM, Richard Guy Briggs wrote: ... >> > /* >> > * audit_log_container_info - report container info >> > - * @tsk: task to be recorded >> > * @context: task or local context for record >> > + * @op: containerid string description >> > + * @containerid: container ID to report >> > */ >> > -int audit_log_container_info(struct task_struct *tsk, struct audit_context *context) >> > +int audit_log_container_info(struct audit_context *context, >> > + char *op, u64 containerid) >> > { >> > struct audit_buffer *ab; >> > >> > - if (!audit_containerid_set(tsk)) >> > + if (!cid_valid(containerid)) >> > return 0; >> > /* Generate AUDIT_CONTAINER_INFO with container ID */ >> > ab = audit_log_start(context, GFP_KERNEL, AUDIT_CONTAINER_INFO); >> > if (!ab) >> > return -ENOMEM; >> > - audit_log_format(ab, "contid=%llu", audit_get_containerid(tsk)); >> > + audit_log_format(ab, "op=%s contid=%llu", op, containerid); >> > audit_log_end(ab); >> > return 0; >> > } >> >> Let's get these changes into the first patch where >> audit_log_container_info() is defined. Why? This inserts a new field >> into the record which is a no-no. Yes, it is one single patchset, but >> they are still separate patches and who knows which patches a given >> distribution and/or tree may decide to backport. > > Fair enough. That first thought went through my mind... Would it be > sufficient to move that field addition to the first patch and leave the > rest here to support trace and signals? I should have been more clear ... yes, that's what I was thinking; the record format is the important part as it's user visible. -- paul moore www.paul-moore.com