Date: Tue, 22 May 2018 13:35:41 -0400
From: Richard Guy Briggs
To: Paul Moore
Cc: "Eric W. Biederman", Steve Grubb, simo@redhat.com, jlayton@redhat.com, linux-api@vger.kernel.org, containers@lists.linux-foundation.org, LKML, Eric Paris, dhowells@redhat.com, carlos@redhat.com, linux-audit@redhat.com, viro@zeniv.linux.org.uk, luto@kernel.org, netdev@vger.kernel.org, linux-fsdevel@vger.kernel.org, cgroups@vger.kernel.org, serge@hallyn.com
Subject: Re: [RFC PATCH ghak32 V2 13/13] debug audit: read container ID of a process
Message-ID: <20180522173541.slcdszumi7q6c4id@madcap2.tricolour.ca>
References: <1081821010c124fe4e35984ec3dac1654453bb7c.1521179281.git.rgb@redhat.com> <3001737.MkQ41rgtZF@x2> <87muwshl4z.fsf@xmission.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On 2018-05-21 16:06, Paul Moore wrote:
> On Mon, May 21, 2018 at 3:19 PM, Eric W. Biederman wrote:
> > Steve Grubb writes:
> >> On Friday, March 16, 2018 5:00:40 AM EDT Richard Guy Briggs wrote:
> >>> Add support for reading the container ID from the proc filesystem.
> >>
> >> I think this could be useful in general. Please consider this to be part of
> >> the full patch set and not something merely used to debug the patches.
> >
> > Only with an audit specific name.
> >
> > As it is:
> >
> > Nacked-by: "Eric W. Biederman"
> >
> > The truth is the containerid name really stinks and is quite confusing
> > and does not imply that the label applies only to audit. And little
> > things like this make me extremely uncomfortable with it.
>
> It also makes the audit container ID (notice how I *always* call it
> the *audit* container ID? that is not an accident) available for
> userspace applications to abuse. Perhaps in the future we can look at
> ways to make this more available to applications, but this patch is
> not the answer.

Do you have a productive suggestion?

> paul moore

- RGB

--
Richard Guy Briggs
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635