Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp3901862yba; Tue, 9 Apr 2019 07:09:39 -0700 (PDT) X-Google-Smtp-Source: APXvYqylP6QCtn6IrBZt7ZKBfWtlnER4B6fwG6C5kWbAwPjercAab/eOeMasLPdqu9LtvjVNfG+Q X-Received: by 2002:a17:902:be0a:: with SMTP id r10mr36141607pls.4.1554818978992; Tue, 09 Apr 2019 07:09:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1554818978; cv=none; d=google.com; s=arc-20160816; b=sfMiGiC8DTzr2ieHzcIxddINHUCQuGFluziceuIP//bPxIHDxjWfg229SKlYOE/7S7 hlbreDStC/fTqZSSRKh519tHaceXez2Qckini0qv0hh8s2lXb9OuBAvLCSM5ckwCZx1d vSvhQTdm8vqMSQOPsg9noBvHU6d+AXB2M8XlX26/WZXccniOuMZ9KgOYtO7JXlylZqNf kC4bl5TAhKiiIUQ7Gh0M3NqXgW9IyOvhVfWhXD+zYW0iRObCf95zWkl1kO7c/5Els37X FNm2z+1zdS5oMUmCPbzUyoF0tFwMtwBsmj5+PCnnPoLCaws8sIF5jdhw/6BezQWOKNHt Nf7Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=bJqwsdxna4Q7olx1D3bxkirl81KCJrqbp6C3D799jOY=; b=LzIjrSa3wPBKs1PWNJdz1iPTlNNg9xop0aMil9udO345Zp5F4tV+yTH34o6E5BUzC5 D4EiQ3sc8+s+A+pJse2XnLXq22jvYrApSe3EopvOkNFVFW2Rv8AtzmnzOemyjiSMk4P/ WUUbqOPed7TMbtxVCPoe5uX/GSUpD887K3c25HNpNDcIG1my5f4MhC7dTX1gtCwu0K0C mbNNenUVTRmYyiEVQ5QvF3GOjj1JACYayB6vKXzADpV+mBimtiXIYZTHg56xLzBTywYG cY26xtZlTi3kJ2jaUhalepRn/YziPwhf5azzL4FEr3G9EUcl5OmPMJee74Fb82X5Nk7/ RRlg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=RYaMYmZg; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k10si30202043pfj.132.2019.04.09.07.09.23; Tue, 09 Apr 2019 07:09:38 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=RYaMYmZg; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726664AbfDIOIt (ORCPT + 99 others); Tue, 9 Apr 2019 10:08:49 -0400 Received: from mail-lj1-f193.google.com ([209.85.208.193]:42941 "EHLO mail-lj1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726479AbfDIOIs (ORCPT ); Tue, 9 Apr 2019 10:08:48 -0400 Received: by mail-lj1-f193.google.com with SMTP id v22so14587220lje.9 for ; Tue, 09 Apr 2019 07:08:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=bJqwsdxna4Q7olx1D3bxkirl81KCJrqbp6C3D799jOY=; b=RYaMYmZgaC0PAGqbNW8JyoyXmTkaZWh0jFfuadqfVhFNh4yifjUEeeaDfGvqPhnfo9 QI+BexXT3kmM4AhboT/k0KecivnHifHJcSp+cNIAp8nL50MOF8C5OQe31hzSxh8mGUei +J8XTagY0dOGuNc/NUImPnO1tlmBVw7QrTQuyCucsN/TXYBzPE4Omo2+JoQdK+92qgOW fME30PGDubQUNYvOjA7EaHwUo0hdpWwh101+n5pw+57np51nP8SstJufG7BFTUH8ZzVI e2hYxtTdlWRnhnpfPDsMbo3qj3DUhGLMajgvWnAgj6/5mCc6retn1xvIIbhku6J0PrD1 IFww== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=bJqwsdxna4Q7olx1D3bxkirl81KCJrqbp6C3D799jOY=; b=p/njlZjH6a07Q/N6VHQ3dVUlujrfflhZZFNhpwil6HcRWzrFTlPoKGJ/8IzHyJhjSc iftKM7LvWaqiAY/Im0awWLydwbon7NZ31fcq9SjGpeMebWvYYCDCJLsOkHe5EI/SM01M JCEsgtyeh9A/UF7VIu09VL2zBssL2QtvEqd25XB4FqDkbao5nswybkyVhA0tf1/YHd1f i/5g6Qtl+kyy2yYOCwciTYa5t+ssybTupzScr6GDRQprkuXA3bEo4gf3LMibuOPfRAKo wg4KpeUcivRSgbUWRzfADCUUTZTO/yP+Vv6NsqPJHQ8nStVs2/5nfoEThT394Wezh8FU ckDg== X-Gm-Message-State: APjAAAU8mYr1cV7+SA726ABcRn+9sLZ+Wj6nZF5H/rqkNAbNHn36z9uo 5iDwgkCIJLNmNyx2Co6u11kImRM/388kUOHrbVH1 X-Received: by 2002:a2e:4e12:: with SMTP id c18mr741895ljb.3.1554818926625; Tue, 09 Apr 2019 07:08:46 -0700 (PDT) MIME-Version: 1.0 References: <20190409135304.rgkcpgya6h3ciphy@madcap2.tricolour.ca> In-Reply-To: <20190409135304.rgkcpgya6h3ciphy@madcap2.tricolour.ca> From: Paul Moore Date: Tue, 9 Apr 2019 10:08:35 -0400 Message-ID: Subject: Re: [PATCH ghak90 V6 05/10] audit: add contid support for signalling the audit daemon To: Richard Guy Briggs Cc: Ondrej Mosnacek , containers@lists.linux-foundation.org, linux-api@vger.kernel.org, Linux-Audit Mailing List , linux-fsdevel@vger.kernel.org, LKML , netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, Steve Grubb , David Howells , Simo Sorce , Eric Paris , "Serge E. Hallyn" , "Eric W . Biederman" , nhorman@tuxdriver.com Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Apr 9, 2019 at 9:53 AM Richard Guy Briggs wrote: > On 2019-04-09 09:40, Paul Moore wrote: > > On Tue, Apr 9, 2019 at 8:58 AM Ondrej Mosnacek wrote: > > > On Tue, Apr 9, 2019 at 5:40 AM Richard Guy Briggs wrote: > > > > Add audit container identifier support to the action of signalling the > > > > audit daemon. > > > > > > > > Since this would need to add an element to the audit_sig_info struct, > > > > a new record type AUDIT_SIGNAL_INFO2 was created with a new > > > > audit_sig_info2 struct. Corresponding support is required in the > > > > userspace code to reflect the new record request and reply type. > > > > An older userspace won't break since it won't know to request this > > > > record type. > > > > > > > > Signed-off-by: Richard Guy Briggs > > > > > > This looks good to me. > > > > > > Reviewed-by: Ondrej Mosnacek > > > > > > Although I'm wondering if we shouldn't try to future-proof the > > > AUDIT_SIGNAL_INFO2 format somehow, so that we don't need to add > > > another AUDIT_SIGNAL_INFO3 when the need arises to add yet-another > > > identifier to it... The simplest solution I can come up with is to add > > > a "version" field at the beginning (set to 2 initially), then v_len > > > at the beginning of data for version . But maybe this is too > > > complicated for too little gain... > > > > FWIW, I believe the long term solution to this is the fabled netlink > > attribute approach that we haven't talked about in some time, but I > > keep dreaming about (it has been mostly on the back burner becasue 1) > > time and 2) didn't want to impact the audit container ID work). While > > I'm not opposed to trying to make things like this a bit more robust > > by adding version fields and similar things, there are still so many > > (so very many) problems with the audit kernel/userspace interface that > > still need to be addressed. > > While this particular message type is used very infrequently, adding a > version field to every message type strikes me as a huge overhead for > the small likelihood of the format needing to change. > > I'd prefer to just key it off the AUDIT_FEATURE_BITMAP or some other > easily detectable change in this distinguishing feature, such as the > presence of /proc/self/audit_containerid, which is what I've done in the > accompanying userspace patchset that I'm preparing to post that works > with this change. That's fine. As I said, I'm not overly worried about this; I view this as a bit of a necessary hack. -- paul moore www.paul-moore.com