Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp391033imu; Tue, 20 Nov 2018 00:36:02 -0800 (PST) X-Google-Smtp-Source: AFSGD/VUlqffD3OnfGvIi3zqRM/OxvAxTcucFcjyuZKBUNFnAyzHPLqvfLgeZU9ztMAuI5llfV/O X-Received: by 2002:a63:1b48:: with SMTP id b8mr1080725pgm.187.1542702962070; Tue, 20 Nov 2018 00:36:02 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1542702962; cv=none; d=google.com; s=arc-20160816; b=F5HIZVsQsRc2uuDM1lew2fQZ1p0pqnSs0wn28dOejeHv0koltoi/Z6Z3CF9txLk0Fp YR3Adr5pvNUVzE/EKGCS7U3PxPZvookEJd6CmilJZ8NCwxu2PEhRH+UdwTrwss2IaFpD qP8nOgdOWPYTLexJg5Xe6o0P69xnScqTmil/A5xOqLLA/sE9y3yxLVHvN34AIBffMn3W tbjhgvqvqsaZ/gCETxquA+VBJGWZnwTxEotTACr8Xc0m2NxeSYQhXbb5qhMJQ9Pne9Bp 6OiR2enfV3BOp0RSdCgOZJOBsDnWCHZiboEebBzX+E8cWZ8DGlyZ1PnkdksDMSoNvOvU yzSg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=EN13+x57Xzr6TnkLrLpREMPW7SiFINiSFJgP5nHjE8o=; b=A9xMYnpbvU1UZXsvmuOraKeWC4qPI1S8OG0eV0oJmL0Z5kA/QJRfQ4o2IRGtlW75dn /bSQJr8dDN6A9ywdEpcAgUkh91Ri4gUhngSDvl0+olf01OWgIErT9ChLsseTc7lYLLva u/Bvlc6oL53PZ6fxhSZWMZN85wK9EY3CqFSFHt/V+ji8usL2h1ReFTvmKXhpgtsq5ee/ Gp38w3/9xPDCZMBX7+i4yeS9dJw8VxQdtShLS/RZNa7l6k0hMVPdrpZw8vkMeTYjfTH/ fxpRw2ljtNp2peeaXK7qG6zRbb+6PS9UusWH5vcHQZ0U7xiUvb+xspAh3Axx48EUMsWI zRyA== ARC-Authentication-Results: i=1; mx.google.com; dkim=temperror (no key for signature) header.i=@szeredi.hu header.s=google header.b=YuDQIIAO; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t3si24064448pgl.108.2018.11.20.00.35.46; Tue, 20 Nov 2018 00:36:02 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=temperror (no key for signature) header.i=@szeredi.hu header.s=google header.b=YuDQIIAO; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726400AbeKTSpT (ORCPT + 99 others); Tue, 20 Nov 2018 13:45:19 -0500 Received: from mail-io1-f65.google.com ([209.85.166.65]:39391 "EHLO mail-io1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726075AbeKTSpT (ORCPT ); Tue, 20 Nov 2018 13:45:19 -0500 Received: by mail-io1-f65.google.com with SMTP id j18-v6so750010iog.6 for ; Tue, 20 Nov 2018 00:17:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=szeredi.hu; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=EN13+x57Xzr6TnkLrLpREMPW7SiFINiSFJgP5nHjE8o=; b=YuDQIIAOJY2gkSBL8WW/q0m02MBJaAFHqfqgKN6JMfAPoA9OsaMNcqsAjNMtNNxouK lMxCtW+kzUZxpw/hRD0zD6tfPOmDddp+/QBEsoBLiydSIvEGORXqPXmkLMcCKwC7tKBS DzmtqTRqGtZHDaohzLgzs0WMLNXNnKxbAqII0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=EN13+x57Xzr6TnkLrLpREMPW7SiFINiSFJgP5nHjE8o=; b=iBgMScYfPdgMgzYo8HCOh7rSc7dgmDkOyLquhlHy5EoA1IqI+FdZ1I9VWXmWp+isDZ 7ZZ5uGXJZoWTBOHhGAz79i2/mH3zfQvMHd7CjNnzFlctcIn7oanH5mKKH/kszrTcfEkE 0NnVp8ajFr1TiulOWfPDIP63kCfKd7kCaLlZBvX9iiAVPH6fwlVui5mT19+j2W2igGTh IfEbQe11MUPc7IewuGvALSEAnVeQjlmZ8Ogw4iloAzKlHnvop25HswR2h1mRjJyf35hk VbyB3qz3+BHcGDadg5M8b7OS8G9YsUDcmkQR1WHLPSXTaCm7V9D4yYbVdhWWznIAPCjZ DWvg== X-Gm-Message-State: AA+aEWacrYX3OD9XLXA00iQBLyOc1KZh3OSL1VfidBdBpGDbMcnf5aH8 SzGVAZGUS0LfwowHS5/NUzrWxqRwKOnoVKM55g+RHg== X-Received: by 2002:a6b:fe13:: with SMTP id x19mr787582ioh.294.1542701847561; Tue, 20 Nov 2018 00:17:27 -0800 (PST) MIME-Version: 1.0 References: <218e806e61cd5ae2fd38f9d546f953f86c763b58.1542149969.git.rgb@redhat.com> <20181119225856.dt3l7qzg2ftggon4@madcap2.tricolour.ca> In-Reply-To: <20181119225856.dt3l7qzg2ftggon4@madcap2.tricolour.ca> From: Miklos Szeredi Date: Tue, 20 Nov 2018 09:17:15 +0100 Message-ID: Subject: Re: [RFC PATCH ghak100 V1 1/2] audit: avoid fcaps on MNT_FORCE To: Richard Guy Briggs Cc: linux-fsdevel@vger.kernel.org, Al Viro , linux-kernel@vger.kernel.org, linux-audit@redhat.com, Paul Moore , Eric Paris , sgrubb@redhat.com Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Nov 19, 2018 at 11:59 PM Richard Guy Briggs wrote: > The simple answer is that the audit PATH record format expects the four > cap_f* fields to be there and a best effort is being attempted to fill > in that information in an expected way with meaningful values. Perhaps > better to accept that it is unreasonable to expect any fcaps on any > umount operation and simply ignore those fields in the PATH record for > umount syscall events. When there's a mount there are in fact two objects belonging to the exact same path, each having completely independent metadata: the mount point and the root of the mount. For example: stat /mnt umount /mnt stat /mnt The first stat will show the root of the mount, the second one will show the mount point. Which one is the relevant for audit? Not saying audit should be doing getxattr on any of them, just trying to see more clearly. Thanks, Miklos