From: Ondrej Mosnacek
Date: Tue, 9 Apr 2019 14:57:50 +0200
Subject: Re: [PATCH ghak90 V6 05/10] audit: add contid support for signalling the audit daemon
To: Richard Guy Briggs
Cc: containers@lists.linux-foundation.org, linux-api@vger.kernel.org, Linux-Audit Mailing List, linux-fsdevel@vger.kernel.org, LKML, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, Paul Moore, Steve Grubb, David Howells, Simo Sorce, Eric Paris, "Serge E. Hallyn", "Eric W. Biederman", nhorman@tuxdriver.com
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Apr 9, 2019 at 5:40 AM Richard Guy Briggs wrote:
> Add audit container identifier support to the action of signalling the
> audit daemon.
>
> Since this would need to add an element to the audit_sig_info struct,
> a new record type AUDIT_SIGNAL_INFO2 was created with a new
> audit_sig_info2 struct. Corresponding support is required in the
> userspace code to reflect the new record request and reply type.
> An older userspace won't break since it won't know to request this
> record type.
>
> Signed-off-by: Richard Guy Briggs

This looks good to me.

Reviewed-by: Ondrej Mosnacek

Although I'm wondering if we shouldn't try to future-proof the AUDIT_SIGNAL_INFO2 format somehow, so that we don't need to add another AUDIT_SIGNAL_INFO3 when the need arises to add yet another identifier to it... The simplest solution I can come up with is to add a "version" field at the beginning (set to 2 initially), then v_len at the beginning of data for version . But maybe this is too complicated for too little gain...

> ---
> include/linux/audit.h | 7 +++++++
> include/uapi/linux/audit.h | 1 +
> kernel/audit.c | 27 +++++++++++++++++++++++++++
> kernel/audit.h | 1 +
> kernel/auditsc.c | 1 +
> security/selinux/nlmsgtab.c | 1 +
> 6 files changed, 38 insertions(+)
> > diff --git a/include/linux/audit.h b/include/linux/audit.h > index 43438192ca2a..c2dec9157463 100644 > --- a/include/linux/audit.h > +++ b/include/linux/audit.h > @@ -37,6 +37,13 @@ struct audit_sig_info { > char ctx[0]; > }; > > +struct audit_sig_info2 { > + uid_t uid; > + pid_t pid; > + u64 cid; > + char ctx[0]; > +}; > + > struct audit_buffer; > struct audit_context; > struct inode; > diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h > index 55fde9970762..10cc67926cf1 100644 > --- a/include/uapi/linux/audit.h > +++ b/include/uapi/linux/audit.h > @@ -72,6 +72,7 @@ > #define AUDIT_SET_FEATURE 1018 /* Turn an audit feature on or off */ > #define AUDIT_GET_FEATURE 1019 /* Get which features are enabled */ > #define AUDIT_CONTAINER_OP 1020 /* Define the container id and info */ > +#define AUDIT_SIGNAL_INFO2 1021 /* Get info auditd signal sender */ > > #define AUDIT_FIRST_USER_MSG 1100 /* Userspace messages mostly uninteresting to kernel */ > #define AUDIT_USER_AVC 1107 /* We filter this differently */ > diff --git a/kernel/audit.c b/kernel/audit.c > index 3e0af53f3c4d..87e1d367f98c 100644 > --- a/kernel/audit.c > +++ b/kernel/audit.c > @@ -138,6 +138,7 @@ struct audit_net { > kuid_t audit_sig_uid = INVALID_UID; > pid_t audit_sig_pid = -1; > u32 audit_sig_sid = 0; > +u64 audit_sig_cid = AUDIT_CID_UNSET; > > /* Records can be lost in several ways: > 0) [suppressed in audit_alloc] > @@ -1097,6 +1098,7 @@ static int audit_netlink_ok(struct sk_buff *skb, u16 msg_type) > case AUDIT_ADD_RULE: > case AUDIT_DEL_RULE: > case AUDIT_SIGNAL_INFO: > + case AUDIT_SIGNAL_INFO2: > case AUDIT_TTY_GET: > case AUDIT_TTY_SET: > case AUDIT_TRIM: > @@ -1260,6 +1262,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) > struct audit_buffer *ab; > u16 msg_type = nlh->nlmsg_type; > struct audit_sig_info *sig_data; > + struct audit_sig_info2 *sig_data2; > char *ctx = NULL; > u32 len; 
> > @@ -1519,6 +1522,30 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) > sig_data, sizeof(*sig_data) + len); > kfree(sig_data); > break; > + case AUDIT_SIGNAL_INFO2: > + len = 0; > + if (audit_sig_sid) { > + err = security_secid_to_secctx(audit_sig_sid, &ctx, &len); > + if (err) > + return err; > + } > + sig_data2 = kmalloc(sizeof(*sig_data2) + len, GFP_KERNEL); > + if (!sig_data2) { > + if (audit_sig_sid) > + security_release_secctx(ctx, len); > + return -ENOMEM; > + } > + sig_data2->uid = from_kuid(&init_user_ns, audit_sig_uid); > + sig_data2->pid = audit_sig_pid; > + if (audit_sig_sid) { > + memcpy(sig_data2->ctx, ctx, len); > + security_release_secctx(ctx, len); > + } > + sig_data2->cid = audit_sig_cid; > + audit_send_reply(skb, seq, AUDIT_SIGNAL_INFO2, 0, 0, > + sig_data2, sizeof(*sig_data2) + len); > + kfree(sig_data2); > + break; > case AUDIT_TTY_GET: { > struct audit_tty_status s; > unsigned int t; > diff --git a/kernel/audit.h b/kernel/audit.h > index e2912924af0d..c5ac6436317e 100644 > --- a/kernel/audit.h > +++ b/kernel/audit.h > @@ -345,6 +345,7 @@ extern void audit_filter_inodes(struct task_struct *tsk, > extern pid_t audit_sig_pid; > extern kuid_t audit_sig_uid; > extern u32 audit_sig_sid; > +extern u64 audit_sig_cid; > > extern int audit_filter(int msgtype, unsigned int listtype); > > diff --git a/kernel/auditsc.c b/kernel/auditsc.c > index eea445b7a181..0a29a00feaf1 100644 > --- a/kernel/auditsc.c > +++ b/kernel/auditsc.c > @@ -2405,6 +2405,7 @@ int audit_signal_info(int sig, struct task_struct *t) > else > audit_sig_uid = uid; > security_task_getsecid(current, &audit_sig_sid); > + audit_sig_cid = audit_get_contid(current); > } > > if (!audit_signals || audit_dummy_context()) > diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c > index 9cec81209617..682fe7397762 100644 > --- a/security/selinux/nlmsgtab.c > +++ b/security/selinux/nlmsgtab.c 
> @@ -132,6 +132,7 @@ struct nlmsg_perm { > { AUDIT_DEL_RULE, NETLINK_AUDIT_SOCKET__NLMSG_WRITE }, > { AUDIT_USER, NETLINK_AUDIT_SOCKET__NLMSG_RELAY }, > { AUDIT_SIGNAL_INFO, NETLINK_AUDIT_SOCKET__NLMSG_READ }, > + { AUDIT_SIGNAL_INFO2, NETLINK_AUDIT_SOCKET__NLMSG_READ }, > { AUDIT_TRIM, NETLINK_AUDIT_SOCKET__NLMSG_WRITE }, > { AUDIT_MAKE_EQUIV, NETLINK_AUDIT_SOCKET__NLMSG_WRITE }, > { AUDIT_TTY_GET, NETLINK_AUDIT_SOCKET__NLMSG_READ }, > -- > 1.8.3.1 > -- Ondrej Mosnacek Software Engineer, Security Technologies Red Hat, Inc.
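Review bot: in the include/linux/audit.h hunk, struct audit_sig_info2 is the payload copied verbatim to userspace by audit_send_reply(), yet it is declared with the kernel-only u64 type in the non-uapi header (as the existing audit_sig_info is), so userspace has to mirror the layout by hand: uid, pid, 64-bit cid at offset 8, then the context bytes with no terminator. A comment on the struct spelling out that layout, or a __u64 mirror in the uapi header next to the new AUDIT_SIGNAL_INFO2 define, would make the contract explicit; while touching it, `char ctx[0];` could become the C99 flexible array `char ctx[];` that the existing zero-length array is standing in for.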
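Review bot: in the include/uapi/linux/audit.h hunk the comment on the new define, `/* Get info auditd signal sender */`, is missing a word; suggest "Get info about the auditd signal sender" so it reads like the comments on the surrounding message types.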
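Review bot: in the audit_receive_msg() hunk the new AUDIT_SIGNAL_INFO2 case repeats the AUDIT_SIGNAL_INFO body almost verbatim (security_secid_to_secctx() lookup, kmalloc with the release-on-ENOMEM path, memcpy of the context, security_release_secctx(), audit_send_reply(), kfree), differing only in the struct type and the added `sig_data2->cid = audit_sig_cid;`; factoring the shared allocate/fill/release sequence into a helper parameterised on the struct size would keep a future fix to the secctx error path from having to land in two places. Separately, audit_sig_cid is a plain u64 global assigned in the auditsc.c hunk and read here, with no lock visible in either hunk, so on 32-bit the read can observe a torn value and, like the existing uid/pid/sid fields, it is not guaranteed to belong to the same signal; if that follows the accepted model for the other audit_sig_* fields, a one-line comment saying so would help the next reader.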
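As an added example, not part of Richard's patch or of the audit userspace code, the decoder below shows how a consumer of the AUDIT_SIGNAL_INFO2 reply has to treat the payload laid out in the patch: a fixed prefix of uid, pid and 64-bit cid, followed by a security context of exactly (payload length minus prefix) bytes with no NUL terminator. The struct and function names (`sig_info2_hdr`, `sig_info2`, `decode_sig_info2`, `build_sig_info2`), the sample uid/pid/cid/context values and the value assumed for AUDIT_CID_UNSET are all ours; the patch names AUDIT_CID_UNSET but its definition is not on the page.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: the kernel defines AUDIT_CID_UNSET as all-ones. The patch only
 * uses the name; the value here is ours, not taken from the page. */
#define AUDIT_CID_UNSET ((uint64_t)-1)

/* Fixed prefix of struct audit_sig_info2 from the patch, spelled with
 * fixed-width types for userspace. uid and pid fill the first 8 bytes, so
 * cid sits at offset 8 and the context begins at offset 16 on both 32- and
 * 64-bit kernels; the context follows with no NUL terminator. */
struct sig_info2_hdr {
    uint32_t uid;
    uint32_t pid;
    uint64_t cid;
};

/* Decoded, printable form of one reply. */
struct sig_info2 {
    uint32_t uid;
    uint32_t pid;
    uint64_t cid;
    int      has_cid;      /* 0 when the sender carried no container id */
    size_t   ctx_len;
    char     ctx[256];     /* context copied out and NUL-terminated */
};

/* Decode the netlink payload of an AUDIT_SIGNAL_INFO2 reply (the bytes after
 * the nlmsghdr). Returns 0 on success, -1 when the payload is shorter than
 * the fixed prefix or the context would not fit out->ctx. */
int decode_sig_info2(const unsigned char *payload, size_t payload_len,
                     struct sig_info2 *out)
{
    struct sig_info2_hdr hdr;
    size_t ctx_len;

    if (payload_len < sizeof(hdr))
        return -1;                       /* truncated reply: never read past it */
    memcpy(&hdr, payload, sizeof(hdr));  /* payload buffer may be unaligned */
    ctx_len = payload_len - sizeof(hdr); /* kernel sends exactly len ctx bytes */
    if (ctx_len >= sizeof(out->ctx))
        return -1;                       /* keep room for our terminator */

    out->uid = hdr.uid;
    out->pid = hdr.pid;
    out->cid = hdr.cid;
    out->has_cid = hdr.cid != AUDIT_CID_UNSET;
    out->ctx_len = ctx_len;
    memcpy(out->ctx, payload + sizeof(hdr), ctx_len);
    out->ctx[ctx_len] = '\0';            /* the wire format has no terminator */
    return 0;
}

/* Build a payload the way the kernel case in the patch lays it out, as
 * constructed test input. Returns the payload length, or 0 if buf is too
 * small. ctx may be NULL, matching a sender with no security context. */
size_t build_sig_info2(unsigned char *buf, size_t buf_len, uint32_t uid,
                       uint32_t pid, uint64_t cid, const char *ctx)
{
    struct sig_info2_hdr hdr = { uid, pid, cid };
    size_t ctx_len = ctx ? strlen(ctx) : 0;

    if (buf_len < sizeof(hdr) + ctx_len)
        return 0;
    memcpy(buf, &hdr, sizeof(hdr));
    if (ctx_len)
        memcpy(buf + sizeof(hdr), ctx, ctx_len);
    return sizeof(hdr) + ctx_len;
}

int main(void)
{
    unsigned char buf[128];
    struct sig_info2 si;
    /* Constructed sample: uid 1000, pid 4242, container id 7, SELinux ctx. */
    size_t n = build_sig_info2(buf, sizeof(buf), 1000, 4242, 7,
                               "unconfined_u:unconfined_r:unconfined_t:s0");

    if (!n || decode_sig_info2(buf, n, &si) != 0)
        return 1;
    if (si.has_cid)
        printf("auditd signalled by uid=%u pid=%u contid=%llu ctx=%s\n",
               si.uid, si.pid, (unsigned long long)si.cid, si.ctx);
    else
        printf("auditd signalled by uid=%u pid=%u (no contid) ctx=%s\n",
               si.uid, si.pid, si.ctx);

    /* A reply cut short of the fixed prefix must be rejected, not parsed. */
    return decode_sig_info2(buf, sizeof(struct sig_info2_hdr) - 1, &si) == -1
               ? 0 : 1;
}
```

The two checks that matter for a daemon running as root are the ones on `payload_len`: the context length is derived from the netlink length rather than from a terminator, so a short or oversized payload must be rejected before any byte of it is interpreted, and the copied context gets a terminator of our own before it is logged or printed.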