Date: Tue, 9 Apr 2019 17:37:16 +0200
From: Steve Grubb
To: Richard Guy Briggs
Cc: LKML, Linux-Audit Mailing List, Paul Moore, omosnace@redhat.com, eparis@parisplace.org, ebiederm@xmission.com, oleg@redhat.com
Subject: Re: [PATCH ghak111 V1] audit: deliver siginfo regarless of syscall
Message-ID: <20190409173716.1a0308fb@ivy-bridge>
In-Reply-To: <20190409140259.n4t6rxb24eu3uzvp@madcap2.tricolour.ca>
References: <20190409080138.745d18a1@ivy-bridge> <20190409140259.n4t6rxb24eu3uzvp@madcap2.tricolour.ca>
Organization: Red Hat
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, 9 Apr 2019 10:02:59 -0400
Richard Guy Briggs wrote:

> On 2019-04-09 08:01, Steve Grubb wrote:
> > On Mon, 8 Apr 2019 23:52:29 -0400 Richard Guy Briggs
> > wrote:
> > > When a process signals the audit daemon (shutdown, rotate, resume,
> > > reconfig) but syscall auditing is not enabled, we still want to
> > > know the identity of the process sending the signal to the audit
> > > daemon.
> >
> > Why? If syscall auditing is disabled, then there is no requirement
> > to provide anything. What is the real problem that you are seeing?
>
> Shutdown messages with -1 in them rather than the real values.

OK. We can fix that by patching auditd to see if auditing is enabled
before requesting signal info. If auditing is disabled, the proper
action is for the kernel to ignore any audit userspace messages except
the configuration commands.

-Steve