Received: by 10.192.165.148 with SMTP id m20csp862140imm; Wed, 2 May 2018 09:57:57 -0700 (PDT) X-Google-Smtp-Source: AB8JxZpD89igJd3Nlvczm8HqUBTU5GIpq2/+tbrt2WIvjfbHstQqUJrqV011XJYX+WO8oe9bgj+E X-Received: by 2002:a17:902:1681:: with SMTP id h1-v6mr20683119plh.145.1525280277308; Wed, 02 May 2018 09:57:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1525280277; cv=none; d=google.com; s=arc-20160816; b=yREaIpLgkIN+o7fOsm6R99EPwNt4emO4Cx1+WhDp/G+cE4bhiUHPCDIheSgosQKu4S UL3TdCtbIhzOswcibYIfO7o3JTSYH48RVxXhUCwuSxBV+p8pqIkLdqAmTJ0q/WG3qrH0 +OLCpHFxuF9p+OEROXwOesiXbVb6xhoVXFWcd7wNG9F75Es06aDQRIU2o0+DCCS/gmKx 8wX62GUl9xs1qqElpzPAqzGC2TTLbVRRg5//rDLmvbiVp4ZdKFxGxahpaEBvNQqEXSgC RdnYbZHhuDqIWUcDyUl5a1OjMXYuP607GIqsETLAw7N9sUSv4U9m8DO/1fxASHY5bbp8 yFEA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature:dkim-signature :arc-authentication-results; bh=K8d6C5TrMGgYKyPv72Dl+o5N5VZTWRwTFfwjmFwYVl8=; b=nkliqHxyQM34jDN+IDW/8srJFlVWgbfnKIloKxLjPur24Mlq76pN2G/yqIRblzWJWZ r0W5QxJcVq2ame11FiWSIyAm55qqxpV2FWXT0mGDt6+Q/i+6nUQUusD4FQ2Kfv/qjhLa G6nau3Uon52jvjjV1ro5SfMn8ST8zWJAEYDfO7Z3iyqznd/PxjrntSHScLQvQdIc+c+O BKksD7fHQ50UueIgkDPvXAsi+Inkab6CNmLwKBQrZirdZkp1DMZ7rxAEDqYGUY/S135Q 8QGyNxoWeFW20IgHGgEy5Res3uZP4G588/rMuIYpEstvCIma74HO2NuUCXT8tRurAvu3 Wq5g== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@google.com header.s=20161025 header.b=lejUOmNW; dkim=fail header.i=@chromium.org header.s=google header.b=G9U3jkKw; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a66si11423543pfb.81.2018.05.02.09.57.43; Wed, 02 May 2018 09:57:57 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@google.com header.s=20161025 header.b=lejUOmNW; dkim=fail header.i=@chromium.org header.s=google header.b=G9U3jkKw; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751925AbeEBQ5O (ORCPT + 99 others); Wed, 2 May 2018 12:57:14 -0400 Received: from mail-ua0-f193.google.com ([209.85.217.193]:39976 "EHLO mail-ua0-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751602AbeEBQ5I (ORCPT ); Wed, 2 May 2018 12:57:08 -0400 Received: by mail-ua0-f193.google.com with SMTP id g9so9930895uak.7 for ; Wed, 02 May 2018 09:57:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=K8d6C5TrMGgYKyPv72Dl+o5N5VZTWRwTFfwjmFwYVl8=; b=lejUOmNWqEHkY4FIlxoVZcMOjHJhCxuOiPZQePicGwK6UIB+2z1UzX7Jh33GfqTSZo a44cXgWrLQ1xK8TGJc8N9xBqPZaZUi/wZT196farAxUJWbSx4U4UmlQkODOvj3Sr5ka9 k+/EherdFWHlWJMskEuPO/feuuDFxnJ7BDa1jymyDve6GX3P9Ide107gFNUwrSU7QWjj 4LbDBLcrJUPtc2hJ0CU7K/5AolmyeOeKcGRI6AkJM9UR0ivKk18Ky3gm6VR5Cco6wmrh m6BASljjAD9rMTbKximRkM8NqA7kILveJm6DV05tqBCZhpvAs+bx4SmUAZhRGNYTwpg0 xuhQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=K8d6C5TrMGgYKyPv72Dl+o5N5VZTWRwTFfwjmFwYVl8=; b=G9U3jkKwo3kRYgnZYc3ueAFRwObQOIT6/E//oWNfU1DgY8U2PUwc/6G2A7wdpjDtGo dHCMyRi973kGXzb8xdqLYMYW5uXYJ8TH6eMGJFg+1HYaSf1Yt/cZX3l69eAzA6/ODn9U 3NFMPL3GZ7JDFRrUSf3nEHkmYKIpXbyTFUyo0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=K8d6C5TrMGgYKyPv72Dl+o5N5VZTWRwTFfwjmFwYVl8=; b=EN4EN4zpuimIRm9PtMS3+kiU59qH4ExzKqNqP3H9AemY0r1MyiAKcR7nIi6yLym/tJ FevaeVJ0IE1m11q0Yl9cbFjkVmADZii2FdXh/AQ1bVMPo09uql5TzVZ8kvST6ix23cz0 k/qvmTyd4DqXhYjb02BHGSjeZ311/UZfF7YaBuHNazIi5AOj7Km45KP2ixJDj+QqOtkY W1spIwjRbNwAyeDr8qNAwM1peU6u9RpHRdKf8D6qRa7VWNE3iD6A9b4Hveg43etWqwH+ GzJe21G+jTsm2BK9v5EDqB13BJsSxnuw35VFzFqCiikinp2zV5B3r/8yU9NuGRbFSwM1 lE1w== X-Gm-Message-State: ALQs6tCDWTzxW/FPT9QtWC9JxGbgw8IN5JkPLQV6/LvOvJaXvjNK+Dm3 IplZ+1CGgq15cMYy8O8aaLxpaEWIEk0cSypGJZtwlQ== X-Received: by 10.159.40.35 with SMTP id c32mr19870080uac.193.1525280226376; Wed, 02 May 2018 09:57:06 -0700 (PDT) MIME-Version: 1.0 Received: by 10.31.11.209 with HTTP; Wed, 2 May 2018 09:57:05 -0700 (PDT) In-Reply-To: <1525276400-7161-5-git-send-email-tyhicks@canonical.com> References: <1525276400-7161-1-git-send-email-tyhicks@canonical.com> <1525276400-7161-5-git-send-email-tyhicks@canonical.com> From: Kees Cook Date: Wed, 2 May 2018 09:57:05 -0700 X-Google-Sender-Auth: GB4wDQPPPhD2zcH22WBY16U0fnE Message-ID: Subject: Re: [PATCH v2 4/4] seccomp: Don't special case audited processes when logging To: Tyler Hicks Cc: LKML , Andy Lutomirski , Will Drewry , Paul Moore , Eric Paris , Steve Grubb , Jonathan Corbet , Linux Audit , linux-security-module , linux-doc@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, May 2, 2018 at 8:53 AM, Tyler Hicks wrote: > diff --git a/kernel/seccomp.c b/kernel/seccomp.c > index da78835..9029d9d 100644 > --- a/kernel/seccomp.c > +++ b/kernel/seccomp.c > @@ -584,18 +584,13 @@ static inline void seccomp_log(unsigned long syscall, long signr, u32 action, > } > > /* > - * Force an audit message to be emitted when the action is RET_KILL_*, > - * RET_LOG, or the FILTER_FLAG_LOG bit was set and the action is > - * allowed to be logged by the admin. > + * Emit an audit message when the action is RET_KILL_*, RET_LOG, or the > + * FILTER_FLAG_LOG bit was set. The admin has the ability to silence > + * any action from being logged by removing the action name from the > + * seccomp_actions_logged sysctl. > */ > if (log) > - return __audit_seccomp(syscall, signr, action); > - > - /* > - * Let the audit subsystem decide if the action should be audited based > - * on whether the current task itself is being audited. > - */ > - return audit_seccomp(syscall, signr, action); > + audit_seccomp(syscall, signr, action); > } This whole series looks great to me. If I can get an Ack from Paul for the audit bits, I can take it via the seccomp tree. One minor nit on seccomp_log() above, I'd probably change this to show the "exception" case as "out of line" of normal code flow. i.e. instead of "if (log) audit_seccomp", invert it to return early: ... if (!log) return; audit_seccomp(syscall, signr, action); } But if there isn't some other need for a v3, I can just make this change when I commit. Thanks for fixing this up! -Kees -- Kees Cook Pixel Security