From: Paul Moore
Date: Fri, 20 Jul 2018 18:13:47 -0400
Subject: Re: [RFC PATCH ghak90 (was ghak32) V3 03/10] audit: add containerid support for ptrace and signals
To: rgb@redhat.com
Cc: cgroups@vger.kernel.org, containers@lists.linux-foundation.org, linux-api@vger.kernel.org, linux-audit@redhat.com, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, ebiederm@xmission.com, luto@kernel.org, jlayton@redhat.com, carlos@redhat.com, dhowells@redhat.com, viro@zeniv.linux.org.uk, simo@redhat.com, Eric Paris, serge@hallyn.com
In-Reply-To: <29359e0e6bc34c74b3a2c3ce0cdfda77f530cf18.1528304204.git.rgb@redhat.com>

On Wed, Jun 6, 2018 at 1:01 PM Richard Guy Briggs wrote:
> Add audit container identifier support to ptrace and signals. In
> particular, the "op" field provides a way to label the auxiliary record
> to which it is associated.
>
> Signed-off-by: Richard Guy Briggs
> ---
> include/linux/audit.h | 11 +++++------
> kernel/audit.c | 13 +++++++------
> kernel/audit.h | 2 ++
> kernel/auditsc.c | 21 ++++++++++++++++-----
> 4 files changed, 30 insertions(+), 17 deletions(-)

...

> diff --git a/kernel/audit.c b/kernel/audit.c > index 5e150c6..ba304a8 100644
> --- a/kernel/audit.c > +++ b/kernel/audit.c > @@ -142,6 +142,7 @@ struct audit_net { > kuid_t audit_sig_uid = INVALID_UID; > pid_t audit_sig_pid = -1; > u32 audit_sig_sid = 0; > +u64 audit_sig_cid = AUDIT_CID_UNSET; > > /* Records can be lost in several ways: > 0) [suppressed in audit_alloc] > @@ -1437,6 +1438,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) > memcpy(sig_data->ctx, ctx, len); > security_release_secctx(ctx, len); > } > + sig_data->cid = audit_sig_cid; > audit_send_reply(skb, seq, AUDIT_SIGNAL_INFO, 0, 0, > sig_data, sizeof(*sig_data) + len); > kfree(sig_data); > @@ -2050,23 +2052,22 @@ void audit_log_session_info(struct audit_buffer *ab) > > /* > * audit_log_contid - report container info > - * @tsk: task to be recorded > * @context: task or local context for record > * @op: contid string description > + * @contid: container ID to report > */ > -int audit_log_contid(struct task_struct *tsk, > - struct audit_context *context, char *op) > +int audit_log_contid(struct audit_context *context, > + char *op, u64 contid) > { > struct audit_buffer *ab; > > - if (!audit_contid_set(tsk)) > + if (!cid_valid(contid)) > return 0; > /* Generate AUDIT_CONTAINER record with container ID */ > ab = audit_log_start(context, GFP_KERNEL, AUDIT_CONTAINER); > if (!ab) > return -ENOMEM; > - audit_log_format(ab, "op=%s contid=%llu", > - op, audit_get_contid(tsk)); > + audit_log_format(ab, "op=%s contid=%llu", op, contid); > audit_log_end(ab); > return 0; > } You might as well just make these changes to audit_log_contid() in patch 2 when you first define audit_log_contid(). -- paul moore www.paul-moore.com
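Review bot: The new global "audit_sig_cid" in the first kernel/audit.c hunk, together with "sig_data->cid", "AUDIT_CID_UNSET" and "cid_valid()", spells the identifier "cid", while the logging helper and the record field spell it "contid" ("audit_log_contid()", "contid=%llu"). Pick one spelling for the series so that a search for either finds every user; "audit_sig_contid" would match the helper and the record output.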
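Review bot: In the audit_receive_msg() hunk, "sig_data->cid = audit_sig_cid;" fills a new member of the structure that goes out as the AUDIT_SIGNAL_INFO reply, and the reply length is still "sizeof(*sig_data) + len" with the variable-length "ctx" data copied just above. The structure definition is not in the quoted hunks, so the commit message should say where "cid" sits relative to "ctx" and what an existing reader of AUDIT_SIGNAL_INFO that expects the old layout and size will see; if the layout does change for it, consider returning the container ID through a separate reply instead of growing this one.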
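Review bot: In the new audit_log_contid() prototype, "char *op" is only handed to audit_log_format() for the "op=%s" field and is never written, so it should be "const char *op"; that lets callers pass string literals without a cast. The early "return 0" when "cid_valid(contid)" fails is also indistinguishable from the success path, which deserves a line in the kernel-doc comment so callers know that 0 can mean no record was emitted.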