Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp1030816ybi; Tue, 16 Jul 2019 08:38:19 -0700 (PDT) X-Google-Smtp-Source: APXvYqzWFgB3rgPv+/mtd0KPI2p8eFjK+sO+tCxddDHNRjRjr7ABuVPZB7n0ifyioE86Y1rw2xB2 X-Received: by 2002:a17:90a:9a83:: with SMTP id e3mr36694569pjp.105.1563291499006; Tue, 16 Jul 2019 08:38:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1563291498; cv=none; d=google.com; s=arc-20160816; b=Fv8Vz9fQzinSCFgjcuMeWzTxNcJkFSU2+vdijTqCgQ8pWc+9AA0xZHFS0YOOuUE0yv y7MZU7bGC5E+QJT9jNPrOFBDOAz/KAphNZYOrZ9r7XSX14aYjrOopoWm66Jh/uCnaflr YzvVDVpfwSppUSEr8dI5xSr9/bINoUYtVrA4JJZljwcDyHfJXSrmIrYllLp0jkSb2QWq 0ZyLEgtiulc/4ldtSXFC547Mxdm8wMu1Tb72gulTjSfh2yzQthiG06JwgbE5RAYEH71x ZJEe1mJmRBmo2dDwUOT/qNXrHKoQoUnFpWo7giRrKyrGm6MbYSItgk4CukdufO41RWNn tJ/A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=hbEHuwFx1G4o/OsPUSAByi7Cmd0Pp2EdAT2Z6xqlqiw=; b=HWGBPSpYal2Tyaf3f/G+43PPOHxCIS7TgOHJhWlS9CDbMnJti0peV2I8nT3v1LL0Tb K6fsKzpusowIMrOPqeriUP7Le75/hRqkVbGj9CusfZE4eV8NdjlKTjJslK7DPT+qYNqm voC7fLlw8bhXKdb/JQCMuTjiqr9kWYvR/xvJJZ9SKmsEWrjzzS77OoW+/wR3525ebCP+ vHQ0dx6uTwFZ9cJbk5eGf8MJIXImTJzEPVuf+UlPJY/r1lkE4nFmA9WCJ3tqyrDME40A x27Cp89AQBerym2j/9U8AUcJGrRiLfkXuPICrsprQOPJCIDwYVqnZIM7FCV+D40uAV0V D/ZA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 61si19288542plq.157.2019.07.16.08.38.02; Tue, 16 Jul 2019 08:38:18 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388072AbfGPPhY (ORCPT + 99 others); Tue, 16 Jul 2019 11:37:24 -0400 Received: from mx1.redhat.com ([209.132.183.28]:39774 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2387924AbfGPPhX (ORCPT ); Tue, 16 Jul 2019 11:37:23 -0400 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 15163C04BD55; Tue, 16 Jul 2019 15:37:23 +0000 (UTC) Received: from madcap2.tricolour.ca (ovpn-112-14.phx2.redhat.com [10.3.112.14]) by smtp.corp.redhat.com (Postfix) with ESMTPS id E553110021B2; Tue, 16 Jul 2019 15:37:08 +0000 (UTC) Date: Tue, 16 Jul 2019 11:37:05 -0400 From: Richard Guy Briggs To: Paul Moore Cc: Tycho Andersen , "Serge E. Hallyn" , containers@lists.linux-foundation.org, linux-api@vger.kernel.org, Linux-Audit Mailing List , linux-fsdevel@vger.kernel.org, LKML , netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, sgrubb@redhat.com, omosnace@redhat.com, dhowells@redhat.com, simo@redhat.com, Eric Paris , ebiederm@xmission.com, nhorman@tuxdriver.com Subject: Re: [PATCH ghak90 V6 02/10] audit: add container id Message-ID: <20190716153705.xx7dwrhliny5amut@madcap2.tricolour.ca> References: <20190529153427.GB8959@cisco> <20190529222835.GD8959@cisco> <20190530170913.GA16722@mail.hallyn.com> <20190530212900.GC5739@cisco> <20190708181237.5poheliito7zpvmc@madcap2.tricolour.ca> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: NeoMutt/20180716 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.31]); Tue, 16 Jul 2019 15:37:23 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2019-07-15 17:09, Paul Moore wrote: > On Mon, Jul 8, 2019 at 2:12 PM Richard Guy Briggs wrote: > > On 2019-05-30 19:26, Paul Moore wrote: > > ... > > > > I like the creativity, but I worry that at some point these > > > limitations are going to be raised (limits have a funny way of doing > > > that over time) and we will be in trouble. I say "trouble" because I > > > want to be able to quickly do an audit container ID comparison and > > > we're going to pay a penalty for these larger values (we'll need this > > > when we add multiple auditd support and the requisite record routing). > > > > > > Thinking about this makes me also realize we probably need to think a > > > bit longer about audit container ID conflicts between orchestrators. > > > Right now we just take the value that is given to us by the > > > orchestrator, but if we want to allow multiple container orchestrators > > > to work without some form of cooperation in userspace (I think we have > > > to assume the orchestrators will not talk to each other) we likely > > > need to have some way to block reuse of an audit container ID. We > > > would either need to prevent the orchestrator from explicitly setting > > > an audit container ID to a currently in use value, or instead generate > > > the audit container ID in the kernel upon an event triggered by the > > > orchestrator (e.g. a write to a /proc file). I suspect we should > > > start looking at the idr code, I think we will need to make use of it. > > > > To address this, I'd suggest that it is enforced to only allow the > > setting of descendants and to maintain a master list of audit container > > identifiers (with a hash table if necessary later) that includes the > > container owner. > > We're discussing the audit container ID management policy elsewhere in > this thread so I won't comment on that here, but I did want to say > that we will likely need something better than a simple list of audit > container IDs from the start. It's common for systems to have > thousands of containers now (or multiple thousands), which tells me > that a list is a poor choice. You mentioned a hash table, so I would > suggest starting with that over the list for the initial patchset. I saw that as an internal incremental improvement that did not affect the API, so I wanted to keep things a bit simpler (as you've requested in the past) to get this going, and add that enhancement later. I'll start working on it now. The hash table would simply point to lists anyways unless you can recommend a better approach. > paul moore - RGB -- Richard Guy Briggs Sr. S/W Engineer, Kernel Security, Base Operating Systems Remote, Ottawa, Red Hat Canada IRC: rgb, SunRaycer Voice: +1.647.777.2635, Internal: (81) 32635