Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp3805603imm; Tue, 29 May 2018 14:08:40 -0700 (PDT) X-Google-Smtp-Source: ADUXVKLDZIqG2yIxvkpgSEe+u0wBDpHI/WLGXiTStxiHxNGcJDQrDgY45hxkREV9xYf2vRGldv6W X-Received: by 2002:a17:902:bc44:: with SMTP id t4-v6mr33922plz.139.1527628120730; Tue, 29 May 2018 14:08:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1527628120; cv=none; d=google.com; s=arc-20160816; b=HAzQDJO4qAyqq2P81VNDnvS2Ms217LPHkticVqRnHfx0UxgTaVfSG+hRgUbBqz5ckX ODixhjUcSX4swN6o5CTZF5FrSphz3jd7qFFLW3MYJ5+8r/uTPGHEvKzzZNziru3NtjWb reqB7Xbn8zk6hSVNiqvEsuXBrZblo599dPfgK6E+aMpZ2/hCUHfmSYGQd84iHJEg37if 2qnofOz9xsxH7Gn4ojJ4ejEanqBrZae0H+oWSOj3/p+5D8d3i+OdxLXMcmyWPgKqKouL O1ZIKKO7wzW/7fF4Xvn1D1upP7/44kh0c3nqz9NGiSqYwZd7wPlQHipG68a6DIyn7r7C Gfew== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=MTfn6NPebmBo0WsA7WzvOOOtJpn1yni/DjaqAZJxq68=; b=AQr9NdaZzPxs31bfcsE38VFWllJ57ttCdlqE5he0JRwMmgueXNxzjGq/jFEm0N0bmH 42DQo+E0dmF2JL/FW26cyJazan6x+Uk3V+L2AS8IabdHC5gLsgxs9igJu8oQa5Qm9ZJQ JlTxBaMi5hF4zm2cEv1IBgwuKdbFEfUucsUWaZ1wY22FwXMF5vVlIvk/gJ5r5wNiVyUy ObeFf8EGkweemXEDyX1Kk6RW8k/PFIcR8CoG6Dty77b0wzaobqEzwaOkAiScSZMgLPmy MX8z16tHb+S+vulE670tee38o4kk37OpFUONQwaszR8uBKAYsLiwMij8b3cSdKZ6NE5J L8dA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=1gOiDfFJ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d77-v6si3692728pfb.262.2018.05.29.14.08.26; Tue, 29 May 2018 14:08:40 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=1gOiDfFJ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S937242AbeE2VH1 (ORCPT + 99 others); Tue, 29 May 2018 17:07:27 -0400 Received: from mail-lf0-f65.google.com ([209.85.215.65]:43892 "EHLO mail-lf0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S937149AbeE2VHW (ORCPT ); Tue, 29 May 2018 17:07:22 -0400 Received: by mail-lf0-f65.google.com with SMTP id n18-v6so913830lfh.10 for ; Tue, 29 May 2018 14:07:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=MTfn6NPebmBo0WsA7WzvOOOtJpn1yni/DjaqAZJxq68=; b=1gOiDfFJs14q9q54TzfgvGxEBWYtaW6grCx7JGr3WPxQD0DjnT+BYZFkTnA9mT1q6R ybh7nxDkR8jPkmXO6xd8wxkQ/5RtU/nL8TbSyrywOm+7NJAB/oLj6HXoXTrLshZ2kqvN lftOwPBXxk1Sfr79jGUGCkiepv+ZK+a3llxwvuwPlkdLFZAThZi2o+hqnYhMaibP3X9G CbcvYAnGg1e5TzmP/fjjxlDAYkIkr8uLpRj/n2H7WbZFHpXlV/2FOyWZn0nuySmcQabU MGB4cRWTV5Iolt3jKlnfFx1fl6I3MzkpBL2g7bpvPV4ob9gDfBTnTqMkBoc20PMjEADg GJig== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=MTfn6NPebmBo0WsA7WzvOOOtJpn1yni/DjaqAZJxq68=; b=Jbd1HLNQ3KmtoiT0VBaRYQw1OnQPrBH4yy9y9qF1myREuoLK/VetrzczTsDAfMFiW1 OXCJm3fQ9DVK6iZadefx3uYNAvlJC/ZKZlZRpkowhUbpQHVg7d8C8icR4eGn4hwNimQz ZZ0dt8oBFgGYMW8AhkvMuG32y9ZSR6CRCW5wATTZMudrGS+PHjj9nGGI8QxmFuMXNvzm 5o5NlB2TvuZyN1mDvjR9ydQc2KHKJtjuKGsObwqX6WHm5G4bwQGaQkIw57pOEOgWnNiv 8N1kSaXUaV0y68WoZ6ioOsFIyO+nLSri0thU2h+W4+gOrQz2X6N74a987xrYx3G9K/51 o+iA== X-Gm-Message-State: ALKqPweelu5lf/IolyXiXG34L71U0+Q+S2noSN5PSHycvYZgx6KxYuNH NdQOVCWdWoaGNeA05rOiME7jlVtAui/x8bEIlhCC X-Received: by 2002:a19:d245:: with SMTP id j66-v6mr3888lfg.139.1527628040806; Tue, 29 May 2018 14:07:20 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a19:a911:0:0:0:0:0 with HTTP; Tue, 29 May 2018 14:07:19 -0700 (PDT) X-Originating-IP: [108.20.156.165] In-Reply-To: <20180524201105.3179904-4-stefanb@linux.vnet.ibm.com> References: <20180524201105.3179904-1-stefanb@linux.vnet.ibm.com> <20180524201105.3179904-4-stefanb@linux.vnet.ibm.com> From: Paul Moore Date: Tue, 29 May 2018 17:07:19 -0400 Message-ID: Subject: Re: [PATCH 3/8] audit: Implement audit_log_tty() To: Stefan Berger Cc: zohar@linux.vnet.ibm.com, sgrubb@redhat.com, linux-integrity@vger.kernel.org, linux-audit@redhat.com, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, May 24, 2018 at 4:11 PM, Stefan Berger wrote: > Implement audit_log_tty() so that IMA can add tty= to its audit records. > > Signed-off-by: Stefan Berger > --- > include/linux/audit.h | 5 +++++ > kernel/audit.c | 8 ++++++++ > 2 files changed, 13 insertions(+) > > diff --git a/include/linux/audit.h b/include/linux/audit.h > index 90aa63ddc9be..2deb76c74d10 100644 > --- a/include/linux/audit.h > +++ b/include/linux/audit.h > @@ -154,6 +154,7 @@ extern void audit_log_task_info(struct audit_buffer *ab, > struct task_struct *tsk); > > extern int audit_update_lsm_rules(void); > +extern void audit_log_tty(struct audit_buffer *ab, struct task_struct *tsk); > > /* Private API (for audit.c only) */ > extern int audit_rule_change(int type, int seq, void *data, size_t datasz); > @@ -202,6 +203,10 @@ static inline int audit_log_task_context(struct audit_buffer *ab) > static inline void audit_log_task_info(struct audit_buffer *ab, > struct task_struct *tsk) > { } > + > +static inline void audit_log_tty(struct audit_buffer *ab, > + struct task_struct *tsk) > +{ } > #define audit_enabled 0 > #endif /* CONFIG_AUDIT */ > > diff --git a/kernel/audit.c b/kernel/audit.c > index 670665c6e2a6..fa54695962b4 100644 > --- a/kernel/audit.c > +++ b/kernel/audit.c > @@ -2305,6 +2305,14 @@ void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk) > } > EXPORT_SYMBOL(audit_log_task_info); > > +void audit_log_tty(struct audit_buffer *ab, struct task_struct *tsk) > +{ > + struct tty_struct *tty = audit_get_tty(tsk); > + > + audit_log_format(ab, " tty=%s", tty ? tty_name(tty) : "(none)"); > + audit_put_tty(tty); > +} Perhaps I missed it, but your IMA patches only ever call this to log current's tty, yes? If so, I would prefer if we dropped the task_struct argument and always had audit_log_tty() use current. -- paul moore www.paul-moore.com