Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp903049imu; Fri, 25 Jan 2019 13:06:10 -0800 (PST) X-Google-Smtp-Source: ALg8bN494tOORaFlQJBGMVMhikBV4U8VK4aOGrssMULNceEEbUJJZxS4o/+Ks+KnSPhmHBXI8BFB X-Received: by 2002:a17:902:4601:: with SMTP id o1mr12569370pld.243.1548450370549; Fri, 25 Jan 2019 13:06:10 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1548450370; cv=none; d=google.com; s=arc-20160816; b=dAMJlPvaizDOccqfEXwvpals5s6fIL3HXOCCOHO5tRLeMnvOvW00ovX347Vg/oKerM 0LF+yZWM529r6QRtCb8LZjbbLckBkyvUNX852+7c0PByOKROBcWhTttvOd6AmtWjHRz1 mztoPi+W2wpRA61NeLeAxd6FTMQP3w2XqfiqwgfhOH/ryHY2QnG+/s2dwp6kujVBmHFb Ez1l17DZrkRnCg2UgVQQiV5glTo7GRLXygjKbv2GqWXT/eQ2MYbBC3uyMQwMunfkvyhF ZtqWm9JkSQCSWjHxHG+tZ7aZMlauBxtY0fpVvvYnl4bGkpfTTp0SM+Uv85sVVCuQ5zwU GxjA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=hu/MeQhwAjDC2cBj8mJ130DCkTsDhsy/SLjkjYI8toU=; b=HBaymHJqHcLrbyUZAkrYm8/U9cAKaTcUHnDu1fjZnOq988xdjK2NzuBm4YV1GyW7gO eFZkNlkvH0TCGmOAANrD6Q3UDKJTIT4vuNR9jfuPV7kBePPAxqDzJFx5g8mxcZuYpGhs yUVqfitH9XfNG81+Zq2BC+8sMDMpivLVrsF3otRFJiV2JsaXOaU81sQusEMDM1EJOM5J 8OKO5O95OVf2Jz9PWtTY5rAHyiFYF9/IgvNiAnd9Jhl+yx4ew1NSP0xehrmeuMMg6/vC sGCATDHg0lYGMxl4Nypnzu3WpTx+dRFJJ3PF+SVlLGr6xk2wG4U+EzyIOhdOb383eHuD G4tQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=N+KIcnU6; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h5si13344709pgg.230.2019.01.25.13.05.54; Fri, 25 Jan 2019 13:06:10 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=N+KIcnU6; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728236AbfAYVFN (ORCPT + 99 others); Fri, 25 Jan 2019 16:05:13 -0500 Received: from mail-lf1-f65.google.com ([209.85.167.65]:35548 "EHLO mail-lf1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726044AbfAYVFN (ORCPT ); Fri, 25 Jan 2019 16:05:13 -0500 Received: by mail-lf1-f65.google.com with SMTP id e26so7917704lfc.2 for ; Fri, 25 Jan 2019 13:05:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=hu/MeQhwAjDC2cBj8mJ130DCkTsDhsy/SLjkjYI8toU=; b=N+KIcnU6gUJAw/059IUODzNkSzS5rbo7ClhBCqaspuBBV32TVhQadD+3Lza77DHNhg ypTaK1/UgmVP4DTiUqa5aZ8nM1VAaUFrGPofLST35B/0aLdY4k7Qga5XaE88VtU5PHCo d3OduJYXCwan/xvDO+t2EsZucQp+f0FtBg3st8aMUna4UHR6fFb4kjTbIVbtgC19aHz6 lXnqPOZxDhS40XrYDib2dDMtaS+H45DEXLwpwdTDwvMikS3UkoS/3bp1vUIqKuq0wxOd a/ES9lp4QLaB9kpQnZlyc5Sfen5BR9B0K4reGfXKOLT3MROYpZCNJ1NJDKkCRr4UIIlH Tulw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=hu/MeQhwAjDC2cBj8mJ130DCkTsDhsy/SLjkjYI8toU=; b=fVDABRMvSpl6Ir4e+5KfquK/yc0J4rvVNp6N0vAqxfOGwygpQPLvwnmY7G9QmMbaH4 4pp+iWqtCNvlyFcmDHqYqBhp4A1lstq4jpxnpLCdD+CoWeibkD555A3dCGPU4QXD3pIR dhfsESOTRv730/H1CzGp4/raMwiriyMoWyEflqcJ9/CEAxLLfpWTSuWyxgMq84NqU61N Bw35l04jcQq1wyJPVK/zYcl/F/gfPjFx5q/P9GGdjWPS4sALixTMwTUzjudJUT3biu2/ YN5yFD/Vx6Tl4z8twGl0p7St0EV4NriUSPqM3mKSNjf9RVMgjKcEXcb0CsKsldmYsreL T3wg== X-Gm-Message-State: AJcUukfTYOMB/nRPC4y6TQGHm1IYFLNOqQI3v9OdBPsL7x+zUe3hsoEy kahZshP4Tl9poxHvKgx9XopPcXAQTGB18CkxJzEN X-Received: by 2002:a19:d619:: with SMTP id n25mr8938148lfg.91.1548450310789; Fri, 25 Jan 2019 13:05:10 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Paul Moore Date: Fri, 25 Jan 2019 16:04:59 -0500 Message-ID: Subject: Re: [PATCH ghak103 V1] audit: add support for fcaps v3 To: Richard Guy Briggs Cc: Linux Security Module list , LKML , Linux-Audit Mailing List , Steve Grubb , Eric Paris , Serge Hallyn Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Jan 23, 2019 at 9:37 PM Richard Guy Briggs wrote: > > V3 namespaced file capabilities were introduced in > commit 8db6c34f1dbc ("Introduce v3 namespaced file capabilities") > > Add support for these by adding the "frootid" field to the existing > fcaps fields in the NAME and BPRM_FCAPS records. > > Please see github issue > https://github.com/linux-audit/audit-kernel/issues/103 > > Signed-off-by: Richard Guy Briggs > --- > Passes audit-testsuite. > > include/linux/capability.h | 5 +++-- > kernel/audit.c | 6 ++++-- > kernel/audit.h | 1 + > kernel/auditsc.c | 4 ++++ > security/commoncap.c | 2 ++ > 5 files changed, 14 insertions(+), 4 deletions(-) > > diff --git a/include/linux/capability.h b/include/linux/capability.h > index f640dcbc880c..f6bb691547fd 100644 > --- a/include/linux/capability.h > +++ b/include/linux/capability.h > @@ -14,7 +14,7 @@ > #define _LINUX_CAPABILITY_H > > #include > - > +#include > > #define _KERNEL_CAPABILITY_VERSION _LINUX_CAPABILITY_VERSION_3 > #define _KERNEL_CAPABILITY_U32S _LINUX_CAPABILITY_U32S_3 > @@ -25,11 +25,12 @@ > __u32 cap[_KERNEL_CAPABILITY_U32S]; > } kernel_cap_t; > > -/* exact same as vfs_cap_data but in cpu endian and always filled completely */ > +/* exact same as vfs_ns_cap_data but in cpu endian and always filled completely */ Removed "exact" from the comment above so it fits an 80 char line width. Please watch for this in your patches, I care a lot about line widths. Otherwise as long as Serge is happy with the capabilities bits, I'm happy with the audit bits; merged. -- paul moore www.paul-moore.com