Received: by 2002:ac0:bc90:0:0:0:0:0 with SMTP id a16csp5735822img; Wed, 27 Mar 2019 14:18:16 -0700 (PDT) X-Google-Smtp-Source: APXvYqxdKOhOwaTyDbQ7EYsq82nx7lxppfcQVIj2+ofmZW3tdy1//khFHdEF/vyqOMITbh2l9VOu X-Received: by 2002:a17:902:6b48:: with SMTP id g8mr38804768plt.21.1553721496610; Wed, 27 Mar 2019 14:18:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1553721496; cv=none; d=google.com; s=arc-20160816; b=GanceBeBjH5q4Rx6+SNaHAvnZruYuAypnNx39B5b4l9JD/GZX9Q4d78D/mLEawXkHG QN4myrW72/wKNUmvjInKSdVmUuhE/DipVUp3IwMr10IUFj3b9SJoyGkUbIV1cR17Oic5 qx3kvsBzGQT+gGiXbh1X/noxIDpfDjJyVbJrp2ILjJHB1dmEbP/qnmcPCAJAZFC7ifOF ZMVj7+Qog3SHAfimm+xqj098b9lYf4ggRZedYW17FHc5zjsNPqkT+YSBDG0yaaKgs7Hx tpCWb08JOIipYY+8MJ35zS+owgk83gLqZBtQCBto7JXwQpLv3NJ7gbctU2cSExznRmFB OHkA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version; bh=BBdzqCeQMHcoqYr9jcZnmkytQeItgBZTai/slYi5Ggo=; b=YO7jUCHSJEikvXm5V0uagT+7tN4YPvbN9BrW0VM8xX+k1u85SFWdi9I30S8OoZT+gc tCCEwVa/xWcW5ncTTpx7i1Afe7P3IsSH9qWoNiuCnEsi2wRZP23pE3hIBfHRkyY0Fl5O uGP0ICaePNWyzqvBI53WsD8wTYnE9zp7KNTw7Bzt3U0cMyhwPh4agsNYbfIId6gFVwAU o41K21KGhvHCp7WXkNr4jKtllOLhBiAygElPhviYOmYWRZcThhJrSyeGMG3o27gnN/9u 2a2Y1l37SKK37iHmlQmEkqtdSiNjjFKo9yRLK5SQ07otja+YuKWoSPQgUAFMqIT9kWWA BZIg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f10si1355403pgv.589.2019.03.27.14.18.00; Wed, 27 Mar 2019 14:18:16 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728298AbfC0VRZ (ORCPT + 99 others); Wed, 27 Mar 2019 17:17:25 -0400 Received: from mail-ot1-f67.google.com ([209.85.210.67]:40293 "EHLO mail-ot1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727806AbfC0VRZ (ORCPT ); Wed, 27 Mar 2019 17:17:25 -0400 Received: by mail-ot1-f67.google.com with SMTP id t8so11030081otp.7 for ; Wed, 27 Mar 2019 14:17:24 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=BBdzqCeQMHcoqYr9jcZnmkytQeItgBZTai/slYi5Ggo=; b=aRXrHPd3Jeim2ZnfY1qdhTssq0ZRJgc6iq51GlqQ/wzte1AsDLgEp9IBWaFfGarLEr vWjsn7KOt8EOS/hvpa6eD3Ix8mDxwzNV6SDnnvq1H0JPUPNFhbP/HWjyWNqtMU4WuOc3 /sizSO81CEEiYGNzme4T0ejHuKlslhlh5W7O6XXNBSKm9XNIWilVUmA4rUkW9O6NbVqD 2yzW2IQXyqQckzgK4buO+HZY18RZ8qItWg1LWP2IxyKNXaoaM9GYheTIACCV2V4ZMuKJ hzwdmJK1qwByVL4pyJOibJB/avuOS7G8Z0eRPjs/NJB+5hWw0J+uHeq242LlD+wcsvgO p43A== X-Gm-Message-State: APjAAAUn4v7nBlsbGXew+2cxkA+0Y9OIV3dXjTyYBAckRMxpk+zmnEki J2YgFfJXNdps9mt3+K0fWuC0rgk4mlS3nbIKwXqVnA== X-Received: by 2002:a9d:1b2f:: with SMTP id l44mr9765053otl.217.1553721444358; Wed, 27 Mar 2019 14:17:24 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Ondrej Mosnacek Date: Wed, 27 Mar 2019 22:17:13 +0100 Message-ID: Subject: Re: [PATCH ghak90 V5 05/10] audit: add containerid support for ptrace and signals To: Richard Guy Briggs Cc: containers@lists.linux-foundation.org, linux-api@vger.kernel.org, Linux-Audit Mailing List , linux-fsdevel@vger.kernel.org, LKML , netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, Paul Moore , Steve Grubb , David Howells , Simo Sorce , Eric Paris , "Serge E. Hallyn" , "Eric W . Biederman" , nhorman@tuxdriver.com Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Mar 15, 2019 at 7:34 PM Richard Guy Briggs wrote: > Add audit container identifier support to ptrace and signals. In > particular, the "ref" field provides a way to label the auxiliary record > to which it is associated. > > Signed-off-by: Richard Guy Briggs > Acked-by: Serge Hallyn > Signed-off-by: Richard Guy Briggs > --- > include/linux/audit.h | 1 + > kernel/audit.c | 2 ++ > kernel/audit.h | 2 ++ > kernel/auditsc.c | 23 +++++++++++++++++------ > 4 files changed, 22 insertions(+), 6 deletions(-) > > diff --git a/include/linux/audit.h b/include/linux/audit.h > index 43438192ca2a..ebd6625ca80e 100644 > --- a/include/linux/audit.h > +++ b/include/linux/audit.h > @@ -35,6 +35,7 @@ struct audit_sig_info { > uid_t uid; > pid_t pid; > char ctx[0]; > + u64 cid; > }; It seems like this structure implicitly defines the format of some message that is sent to userspace... If so, how will userspace detect that a new format (including the cid) is being used? Even assuming the fixed order as pointed out by Neil, the message still seems to be variable-sized so userspace cannot even use the length to infer that. Am I missing something here? (I hope I am :) > > struct audit_buffer; > diff --git a/kernel/audit.c b/kernel/audit.c > index 8cc0e88d7f2a..cfa659b3f6c4 100644 > --- a/kernel/audit.c > +++ b/kernel/audit.c > @@ -138,6 +138,7 @@ struct audit_net { > kuid_t audit_sig_uid = INVALID_UID; > pid_t audit_sig_pid = -1; > u32 audit_sig_sid = 0; > +u64 audit_sig_cid = AUDIT_CID_UNSET; > > /* Records can be lost in several ways: > 0) [suppressed in audit_alloc] > @@ -1515,6 +1516,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) > memcpy(sig_data->ctx, ctx, len); > security_release_secctx(ctx, len); > } > + sig_data->cid = audit_sig_cid; > audit_send_reply(skb, seq, AUDIT_SIGNAL_INFO, 0, 0, > sig_data, sizeof(*sig_data) + len); > kfree(sig_data); > diff --git a/kernel/audit.h b/kernel/audit.h > index c00e2ee3c6b3..c5ac6436317e 100644 > --- a/kernel/audit.h > +++ b/kernel/audit.h > @@ -148,6 +148,7 @@ struct audit_context { > kuid_t target_uid; > unsigned int target_sessionid; > u32 target_sid; > + u64 target_cid; > char target_comm[TASK_COMM_LEN]; > > struct audit_tree_refs *trees, *first_trees; > @@ -344,6 +345,7 @@ extern void audit_filter_inodes(struct task_struct *tsk, > extern pid_t audit_sig_pid; > extern kuid_t audit_sig_uid; > extern u32 audit_sig_sid; > +extern u64 audit_sig_cid; > > extern int audit_filter(int msgtype, unsigned int listtype); > > diff --git a/kernel/auditsc.c b/kernel/auditsc.c > index a8c8b44b954d..f04e115df5dc 100644 > --- a/kernel/auditsc.c > +++ b/kernel/auditsc.c > @@ -113,6 +113,7 @@ struct audit_aux_data_pids { > kuid_t target_uid[AUDIT_AUX_PIDS]; > unsigned int target_sessionid[AUDIT_AUX_PIDS]; > u32 target_sid[AUDIT_AUX_PIDS]; > + u64 target_cid[AUDIT_AUX_PIDS]; > char target_comm[AUDIT_AUX_PIDS][TASK_COMM_LEN]; > int pid_count; > }; > @@ -1514,7 +1515,7 @@ static void audit_log_exit(void) > for (aux = context->aux_pids; aux; aux = aux->next) { > struct audit_aux_data_pids *axs = (void *)aux; > > - for (i = 0; i < axs->pid_count; i++) > + for (i = 0; i < axs->pid_count; i++) { > if (audit_log_pid_context(context, axs->target_pid[i], > axs->target_auid[i], > axs->target_uid[i], > @@ -1522,14 +1523,20 @@ static void audit_log_exit(void) > axs->target_sid[i], > axs->target_comm[i])) > call_panic = 1; > + audit_log_contid(context, axs->target_cid[i]); > + } > } > > - if (context->target_pid && > - audit_log_pid_context(context, context->target_pid, > - context->target_auid, context->target_uid, > - context->target_sessionid, > - context->target_sid, context->target_comm)) > + if (context->target_pid) { > + if (audit_log_pid_context(context, context->target_pid, > + context->target_auid, > + context->target_uid, > + context->target_sessionid, > + context->target_sid, > + context->target_comm)) > call_panic = 1; > + audit_log_contid(context, context->target_cid); > + } > > if (context->pwd.dentry && context->pwd.mnt) { > ab = audit_log_start(context, GFP_KERNEL, AUDIT_CWD); > @@ -2360,6 +2367,7 @@ void __audit_ptrace(struct task_struct *t) > context->target_uid = task_uid(t); > context->target_sessionid = audit_get_sessionid(t); > security_task_getsecid(t, &context->target_sid); > + context->target_cid = audit_get_contid(t); > memcpy(context->target_comm, t->comm, TASK_COMM_LEN); > } > > @@ -2387,6 +2395,7 @@ int audit_signal_info(int sig, struct task_struct *t) > else > audit_sig_uid = uid; > security_task_getsecid(current, &audit_sig_sid); > + audit_sig_cid = audit_get_contid(current); > } > > if (!audit_signals || audit_dummy_context()) > @@ -2400,6 +2409,7 @@ int audit_signal_info(int sig, struct task_struct *t) > ctx->target_uid = t_uid; > ctx->target_sessionid = audit_get_sessionid(t); > security_task_getsecid(t, &ctx->target_sid); > + ctx->target_cid = audit_get_contid(t); > memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); > return 0; > } > @@ -2421,6 +2431,7 @@ int audit_signal_info(int sig, struct task_struct *t) > axp->target_uid[axp->pid_count] = t_uid; > axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); > security_task_getsecid(t, &axp->target_sid[axp->pid_count]); > + axp->target_cid[axp->pid_count] = audit_get_contid(t); > memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); > axp->pid_count++; > > -- > 1.8.3.1 > -- Ondrej Mosnacek Software Engineer, Security Technologies Red Hat, Inc.