Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp3358009imm;
        Fri, 20 Jul 2018 15:16:42 -0700 (PDT)
X-Google-Smtp-Source: AAOMgpcgqZOvTSqTvwoNGmmAkkUDNSd0qxMgfIKAmyF5etAttnQpPuccnD5+0rN/Ah0yqSPlh64/
X-Received: by 2002:a62:398c:: with SMTP id u12-v6mr3862910pfj.9.1532125002637;
        Fri, 20 Jul 2018 15:16:42 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1532125002; cv=none;
        d=google.com; s=arc-20160816;
        b=VPoAyxTXY/x1cmyrCRRA2cucZfadtYlrc1ZwIfoitmf9mb8zTn082MVZYAW8iV+e0Z
         wcf7nRZOpszsW9wUweHw00/L/Ta6Qw95pcIKRckBvyr5XZxzD6HYvm1LWZlGF4ovygV1
         jVVucVhStoLeUdHU6BzizLiQysng+m1X3xxJCEqrIiw/KOpL0whTvoVwKDQcYHsY2pmf
         WaKi/c0az+VLyQ9StBguN1APoI7fanU0nStdn9NrVDMAZaismcPfVmCx8DRPF/8K+80j
         BUIC1QmEeWc5JOEEZw4C1q6Qsw6xi1T2j88ZIPNiqprQMpmwEyTo18qMIjAjjwyYD+TB
         WcVw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature
         :arc-authentication-results;
        bh=wHZ59XqSMuHADW+R57tBef8AdySR0zI+EV3OLndYQx0=;
        b=fkLbWP66QJCJUJ7bnGTbawNdm92RmTvE5u+SnOCaxm5bMa8i0WRXSidqFqIZgYke5h
         BAITypKD/sP4FabJ0Tg7ff/7C9kYtVbzScNpluCvvecvtNQcQAUnihj809hfTah8VRDG
         cPFUZcUp/cTYYRohPIQnmgOffsdxFBvl9Zv8dW9qb587i8NoSVYkj5EBcdMuHzwFJCH8
         Oz9XFzT7YSNqRR8o7nEgdh/+7zg09VGyVYHrevWm10IC4KGEBEjcDz3yXx20Fkt5tgyO
         hANCvtoxeDdmvt+ss0ZwFMWxYREHTktpdc7fVg5hEgItZLVpqp79TFxBq5EyPtAT8JFE
         7bWg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=sqlJi1ci;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id x17-v6si2381878pln.465.2018.07.20.15.16.27;
        Fri, 20 Jul 2018 15:16:42 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=sqlJi1ci;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1731760AbeGTXEj (ORCPT <rfc822;chenl.lei@gmail.com> + 99 others);
        Fri, 20 Jul 2018 19:04:39 -0400
Received: from mail-lf1-f65.google.com ([209.85.167.65]:43574 "EHLO
        mail-lf1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1731697AbeGTXEi (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 20 Jul 2018 19:04:38 -0400
Received: by mail-lf1-f65.google.com with SMTP id m12-v6so2758203lfc.10
        for <linux-kernel@vger.kernel.org>; Fri, 20 Jul 2018 15:14:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=paul-moore-com.20150623.gappssmtp.com; s=20150623;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=wHZ59XqSMuHADW+R57tBef8AdySR0zI+EV3OLndYQx0=;
        b=sqlJi1ci2aaQSjkcjVha0IfOpjP7OABHcNA9SQq12lA+85JBhnhPhsRxlnlnPhg/He
         nZAQDvIBvfECZzVmXqiBaeXsgq27Joa/i2WKZYG4gftAPMjZQyarLVQUmkiVz9VE7By2
         PCROwqTxqulGIhLkgLXbP5HWokY89MjsHREptyWoUiSr2+/bP8FIDQaFTuTx95FKWldP
         HgsEDbgZ/Cdpa0uBvlgrN+fk99te6QCFwVrD9mdDgK/ch+Vm9uEJRKk/PBoDdiimk5ld
         tFpHyDxCrgSwp6Stvf2e0h3CbPBwvg/QElyf1V6yUAxLUzoWgj5oq5vCyjMclL7+vGx9
         oeaA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=wHZ59XqSMuHADW+R57tBef8AdySR0zI+EV3OLndYQx0=;
        b=clQ2VVG2i8SNbV5gSxdjDtfHqYUSA0n8j60J+s1I17iAiR238smGrFVoAjXiVma5JZ
         /Pz/8aVPdArFfz5PDHn+EF7S0YWH12Zqj+lxZ6qb1mMmH1CoZzrwTyXC6BcRXyueUdoe
         /PO7qNo7HTrSnsLC9CVA0WPzhxFouPearuV8AvRm5VHckxW66XipkaZme63Lm/9kAE1w
         KIL9+4pkNVwasilFzKEU3pWvltlIaUDYqJVEpv+j2SCoV6+Wv1t9yAXFZ91D5YBE9OaG
         beUZQh4vWEqooYiwQu++86bhMttOezk361rlzdjeG605BKNli+pMckj2J+vDyQ3qfCbW
         wCEg==
X-Gm-Message-State: AOUpUlHTsU2VX/KnEWxAkA6Sl8LGr0G/3yhZw8xu7eXu1Yaboh7DLW8X
        L/kvmeCbftwQ/0SQzhaLYsjoArKSEQdQPNc65q8X
X-Received: by 2002:a19:de4e:: with SMTP id v75-v6mr2257374lfg.14.1532124862506;
 Fri, 20 Jul 2018 15:14:22 -0700 (PDT)
MIME-Version: 1.0
References: <cover.1528304203.git.rgb@redhat.com> <28ab8ad3c4e5de6f61b928eeb2af030b04a8820b.1528304204.git.rgb@redhat.com>
In-Reply-To: <28ab8ad3c4e5de6f61b928eeb2af030b04a8820b.1528304204.git.rgb@redhat.com>
From:   Paul Moore <paul@paul-moore.com>
Date:   Fri, 20 Jul 2018 18:14:11 -0400
Message-ID: <CAHC9VhTTJVbFq_Cmu8E7EzQD-JXjkbDz7P1EY8ePVrXpQAqPdw@mail.gmail.com>
Subject: Re: [RFC PATCH ghak90 (was ghak32) V3 05/10] audit: add containerid
 support for tty_audit
To:     rgb@redhat.com
Cc:     cgroups@vger.kernel.org, containers@lists.linux-foundation.org,
        linux-api@vger.kernel.org, linux-audit@redhat.com,
        linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
        netdev@vger.kernel.org, ebiederm@xmission.com, luto@kernel.org,
        jlayton@redhat.com, carlos@redhat.com, dhowells@redhat.com,
        viro@zeniv.linux.org.uk, simo@redhat.com,
        Eric Paris <eparis@parisplace.org>, serge@hallyn.com
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Jun 6, 2018 at 1:04 PM Richard Guy Briggs <rgb@redhat.com> wrote:
> Add audit container identifier auxiliary record to tty logging rule
> event standalone records.
>
> Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
> ---
>  drivers/tty/tty_audit.c | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/tty/tty_audit.c b/drivers/tty/tty_audit.c
> index e30aa6b..66bd850 100644
> --- a/drivers/tty/tty_audit.c
> +++ b/drivers/tty/tty_audit.c
> @@ -66,8 +66,9 @@ static void tty_audit_log(const char *description, dev_t dev,
>         uid_t uid = from_kuid(&init_user_ns, task_uid(tsk));
>         uid_t loginuid = from_kuid(&init_user_ns, audit_get_loginuid(tsk));
>         unsigned int sessionid = audit_get_sessionid(tsk);
> +       struct audit_context *context = audit_alloc_local();

We should be using current's audit_context in tty_audit_log().
Actually, we should probably just get rid of the tsk variable in
tty_audit_log() and use current directly to make things a bit more
obvious.

<time passes>

I did some digging and I have a two year old, half-baked patch that
cleans up this tsk/current usage as well as a few others.  I just
rebased it against audit/next and surprisingly it seems to pass a
basic smoke test (kernel boots and audit-testsuite passes); I'll post
it to the list as a RFC once I'm done reviewing these patches.

> -       ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_TTY);
> +       ab = audit_log_start(context, GFP_KERNEL, AUDIT_TTY);
>         if (ab) {
>                 char name[sizeof(tsk->comm)];
>
> @@ -80,6 +81,8 @@ static void tty_audit_log(const char *description, dev_t dev,
>                 audit_log_n_hex(ab, data, size);
>                 audit_log_end(ab);
>         }
> +       audit_log_contid(context, "tty", audit_get_contid(tsk));
> +       audit_free_context(context);
>  }

--
paul moore
www.paul-moore.com