Date: Fri, 4 Jan 2019 14:04:37 -0800
From: Guenter Roeck
To: Richard Guy Briggs
Cc: containers@lists.linux-foundation.org, linux-api@vger.kernel.org,
    Linux-Audit Mailing List, linux-fsdevel@vger.kernel.org, LKML,
    netdev@vger.kernel.org, netfilter-devel@vger.kernel.org,
    ebiederm@xmission.com, luto@kernel.org, carlos@redhat.com,
    dhowells@redhat.com, viro@zeniv.linux.org.uk, simo@redhat.com,
    eparis@parisplace.org, serge@hallyn.com
Subject: Re: [PATCH ghak90 (was ghak32) V4 01/10] audit: collect audit task parameters
Message-ID: <20190104220437.GB19346@roeck-us.net>

On Fri, Jan 04, 2019 at 09:57:35AM -0500, Richard Guy Briggs wrote:
> On 2019-01-03 18:50, Guenter Roeck wrote:
> > Hi Richard,
> >
> > On Tue, Jul 31, 2018 at 04:07:36PM -0400, Richard Guy Briggs wrote:
> > > The audit-related parameters in struct task_struct should ideally be
> > > collected together and accessed through a standard audit API.
> > >
> > > Collect the existing loginuid, sessionid and audit_context together in a
> > > new struct audit_task_info called "audit" in struct task_struct.
> > >
> > > Use kmem_cache to manage this pool of memory.
> > > Un-inline audit_free() to be able to always recover that memory.
> > >
> > > See: https://github.com/linux-audit/audit-kernel/issues/81
> > >
> > > Signed-off-by: Richard Guy Briggs
> >
> > Overall I am not sure if keeping task_struct a bit smaller is worth
> > the added complexity, but I guess that is just me.
>
> The motivation was to consolidate all the audit bits into one pointer,
> isolating them from the rest of the kernel, restricting access only to
> helper functions to prevent abuse by other subsystems and trying to
> reduce kABI issues in the future. I agree it is a bit more complex. It
> was provoked by the need to add contid which seemed to make the most
> sense as a peer to loginuid and sessionid, and adding it to task_struct
> would have made it a bit too generic and available.
>
> This is addressed at some length by Paul Moore here in v2:
> https://lkml.org/lkml/2018/4/18/759
>

That makes sense. Thanks a lot for the clarification.

Guenter