Date: Mon, 29 Oct 2018 13:27:55 -0700 (PDT)
Subject: Re: [PATCH 2/2] RISC-V: Add support for SECCOMP
From: Palmer Dabbelt
To: david.abdurachmanov@gmail.com
CC: paul@paul-moore.com, linux-riscv@lists.infradead.org, aou@eecs.berkeley.edu, eparis@redhat.com, keescook@chromium.org, luto@amacapital.net, wad@chromium.org, Wesley Terpstra, dhowells@redhat.com, tglx@linutronix.de, pombredanne@nexb.com, Greg KH, kstewart@linuxfoundation.org, linux-kernel@vger.kernel.org, linux-audit@redhat.com

On Sun, 28 Oct 2018 04:07:55 PDT (-0700), david.abdurachmanov@gmail.com wrote:
> On Thu, Oct 25, 2018 at 10:36 PM Paul Moore wrote:
>>
>> On Thu, Oct 25, 2018 at 2:31 PM David Abdurachmanov
>> wrote:
>> > On Wed, Oct 24, 2018 at 10:40 PM Palmer Dabbelt wrote:
>> > > From: "Wesley W. Terpstra"
>>
>> ...
>>
>> > Palmer,
>> >
>> > Half of the patch seems to touch audit parts.
>> > I started working on audit support this morning, and I can boot
>> > Fedora with audit traces.
>> >
>> > [root@fedora-riscv ~]# dmesg | grep audit
>> > [ 0.312000] audit: initializing netlink subsys (disabled)
>> > [ 0.316000] audit: type=2000 audit(0.316:1): state=initialized
>> > audit_enabled=0 res=1
>> > [ 7.288000] audit: type=1130 audit(1529665913.772:2): pid=1 uid=0
>> > auid=4294967295 ses=4294967295 msg='unit=systemd-remount-fs
>> > comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=?
>> > terminal=? res=success'
>> > [ 7.684000] audit: type=1130 audit(1529665914.176:3): pid=1 uid=0
>> > auid=4294967295 ses=4294967295 msg='unit=systemd-sysctl comm="systemd"
>> > exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=?
>> > res=success'
>> > [..]
>> >
>> > I am still working on audit user-space support for better testing.
>> >
>> > I suggest we first implement audit and then seccomp.
>>
>> FYI, while small and far from comprehensive, we do have a test suite
>> we use for basic validation of the audit kernel bits which may be
>> helpful while you're working on the audit enablement:
>>
>> * https://github.com/linux-audit/audit-testsuite
>
> Currently I checked the following to work:
> - /proc/self/loginuid (required by DNF [package manager])
> - auditctl (checked several different example rules from internet)
> - aulast
> - aulastlog
> - ausearch
> - ausyscall
> - aureport
> - autrace (compared some syscalls to strace: order and
>   return value/input arguments seem to be correct)
>
> I checked audit-testsuite yesterday and it seems to be only for
> x86-64 / x86-32. After adjusting it (MODE, syscalls) I am at:
>
> Failed 4/14 test programs. 19/88 subtests failed.
>
> I don't plan to look further in the failure, e.g.:
> - syscall_socketcall: that's old stuff and not relevant to
>   new arches
> - syscall_module: Fedora kernel currently is not compiled
>   with kernel loadable module support
> - filter_exclude: two tests fail because id -Z doesn't print
>   any categories, but "semanage login -l" output is identical
>   between x86_64 and riscv64
> - netfilter_pkt: don't have CONFIG_IP_NF_MANGLE enabled
>
> Fedora kernel currently has minimal CONFIG_* options
> and is built without loadable module support.
>
> I will send the patches for review soon.

Thanks!