From: Paul Moore
Date: Tue, 9 Apr 2019 09:40:58 -0400
Subject: Re: [PATCH ghak90 V6 05/10] audit: add contid support for signalling the audit daemon
To: Ondrej Mosnacek
Cc: Richard Guy Briggs, containers@lists.linux-foundation.org, linux-api@vger.kernel.org, Linux-Audit Mailing List, linux-fsdevel@vger.kernel.org, LKML, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, Steve Grubb, David Howells, Simo Sorce, Eric Paris, "Serge E. Hallyn", "Eric W . Biederman", nhorman@tuxdriver.com

On Tue, Apr 9, 2019 at 8:58 AM Ondrej Mosnacek wrote:
>
> On Tue, Apr 9, 2019 at 5:40 AM Richard Guy Briggs wrote:
> > Add audit container identifier support to the action of signalling the
> > audit daemon.
> >
> > Since this would need to add an element to the audit_sig_info struct,
> > a new record type AUDIT_SIGNAL_INFO2 was created with a new
> > audit_sig_info2 struct. Corresponding support is required in the
> > userspace code to reflect the new record request and reply type.
> > An older userspace won't break since it won't know to request this
> > record type.
> >
> > Signed-off-by: Richard Guy Briggs
>
> This looks good to me.
>
> Reviewed-by: Ondrej Mosnacek
>
> Although I'm wondering if we shouldn't try to future-proof the
> AUDIT_SIGNAL_INFO2 format somehow, so that we don't need to add
> another AUDIT_SIGNAL_INFO3 when the need arises to add yet-another
> identifier to it... The simplest solution I can come up with is to add
> a "version" field at the beginning (set to 2 initially), then v_len
> at the beginning of data for version . But maybe this is too
> complicated for too little gain...

FWIW, I believe the long term solution to this is the fabled netlink
attribute approach that we haven't talked about in some time, but I
keep dreaming about (it has been mostly on the back burner because 1)
time and 2) didn't want to impact the audit container ID work). While
I'm not opposed to trying to make things like this a bit more robust
by adding version fields and similar things, there are still so many
(so very many) problems with the audit kernel/userspace interface that
still need to be addressed.

-- 
paul moore
www.paul-moore.com
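
The netlink-attribute idea mentioned in the reply above, as an added example (not code from the patch, the kernel or any participant in this thread): each field is carried as a type-length-value attribute, so a receiver skips types it does not know and a new identifier needs no AUDIT_SIGNAL_INFO3-style record. The attribute numbers, `struct sig_info`, `parse_sig_info` and `put_attr` are hypothetical names chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical attribute types, for illustration only. */
enum { SIG_ATTR_UID = 1, SIG_ATTR_PID = 2, SIG_ATTR_CONTID = 3 };

/* Same layout as a netlink attribute header: length (header included), type. */
struct attr_hdr { uint16_t len; uint16_t type; };
#define ATTR_ALIGN(n) (((size_t)(n) + 3u) & ~(size_t)3u)

struct sig_info { uint32_t uid, pid; uint64_t contid; unsigned seen; };

/* Returns 0 on success, -1 on a malformed message. Unknown attribute types
 * are skipped, so a sender can add identifiers without a new record type. */
int parse_sig_info(const uint8_t *buf, size_t n, struct sig_info *out)
{
    memset(out, 0, sizeof(*out));
    while (n >= sizeof(struct attr_hdr)) {
        struct attr_hdr h;
        void *dst = NULL;
        size_t want = 0;
        memcpy(&h, buf, sizeof(h));             /* buffer may be unaligned */
        if (h.len < sizeof(h) || h.len > n)     /* attribute must fit in buffer */
            return -1;
        size_t vlen = h.len - sizeof(h), step = ATTR_ALIGN(h.len);
        if (h.type == SIG_ATTR_UID)         { dst = &out->uid;    want = 4; }
        else if (h.type == SIG_ATTR_PID)    { dst = &out->pid;    want = 4; }
        else if (h.type == SIG_ATTR_CONTID) { dst = &out->contid; want = 8; }
        if (dst) {                              /* known type: size must match */
            if (vlen != want) return -1;
            memcpy(dst, buf + sizeof(h), want);
            out->seen |= 1u << h.type;
        }                                       /* unknown type: skipped */
        if (step > n) step = n;                 /* last attribute may be unpadded */
        buf += step; n -= step;
    }
    return n == 0 ? 0 : -1;                     /* leftover bytes: cut-off header */
}

/* Append one attribute to a constructed sample message; returns bytes written. */
size_t put_attr(uint8_t *buf, uint16_t type, const void *val, uint16_t vlen)
{
    struct attr_hdr h = { (uint16_t)(sizeof(h) + vlen), type };
    memset(buf, 0, ATTR_ALIGN(h.len));          /* zero the padding */
    memcpy(buf, &h, sizeof(h));
    memcpy(buf + sizeof(h), val, vlen);
    return ATTR_ALIGN(h.len);
}
```

The `seen` bitmask lets the caller tell an absent container ID from one whose value is zero, which a fixed struct cannot express.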