Received: by 2002:a5b:505:0:0:0:0:0 with SMTP id o5csp262463ybp;
        Thu, 10 Oct 2019 17:44:33 -0700 (PDT)
X-Google-Smtp-Source: APXvYqycaDmi7h+PNevY8iFTZgNzTlJkW62YWVAOxyEQorBSQMXpuHgwQ5Y/ymCZEUmgAz1Xbngd
X-Received: by 2002:a05:6402:1804:: with SMTP id g4mr11010162edy.266.1570754673801;
        Thu, 10 Oct 2019 17:44:33 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1570754673; cv=none;
        d=google.com; s=arc-20160816;
        b=UR/n2mA9ug9qew5EygtszrLwkc4yu7O6CWA2l4+TTsHcHEqF4Nb3E7FIOCRJNbTQ5K
         U+/Zkad4E9KKdc3nhuh+6kKCxQLxUKyS22tBfEZ8HchX7qAhQMXTXBHnGdn9S0pHtB1Q
         JLcxNiAkmt9XEXENEZt7miNmytXcU/7rrMij9iZw6rtaG3c95TKFBvOhrc+7VfWh8f7v
         LWyjeQu0znxH32AWz25V0MQ9OeS+lxLXni4iZOh8jtQwhQHRa6KCT4jnZjJa/HHaubY8
         6X/b5hvPT5nVfNTeP0SQ1adFxFfIRAV7hNHqWOKLXkbjdPJ7/aSsS34OSH1qUtvFpK8x
         0eAg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature;
        bh=9wNy6JFK5djKAuZbuRMlDS+XyW8tF2WH1HB98CJhwX4=;
        b=bZHb681cUyFgEpQ+/rzPhO64u0MyPWD8H46GO+9eh7TRKFc4UsbrvNts+obbklLn43
         C0FpHw3JF6o2chADWXvLFVyJOiUxZfFYreUm11Nhs3VDvb8U/q/n+GLERbujpIqg1RkM
         Z1/tunX0MhZjcb+qM4fUTwVhW8B8Fl6PtjOJ+sWOGeAj4nd+H5HKXPiyiXVTPt2dxnGo
         oEg+PX73AvtMs6MfZeCdd4OjVxEuX2lD0U2pS5NgmmacNK0GYLpp17JNSwVjaK2Q26rZ
         L5zqfRZg51YW4yUwPKZJdROa5jMmt0QedhV8ULNRiOgIYehh7NyzkJtqEeh5JTIbBrcN
         62VQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=Ebgr6hpe;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id u17si3936788edy.145.2019.10.10.17.44.10;
        Thu, 10 Oct 2019 17:44:33 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=Ebgr6hpe;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728104AbfJKAlO (ORCPT <rfc822;tanxianhu@gmail.com> + 99 others);
        Thu, 10 Oct 2019 20:41:14 -0400
Received: from mail-lj1-f196.google.com ([209.85.208.196]:35309 "EHLO
        mail-lj1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1727704AbfJKAlN (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 10 Oct 2019 20:41:13 -0400
Received: by mail-lj1-f196.google.com with SMTP id m7so8076400lji.2
        for <linux-kernel@vger.kernel.org>; Thu, 10 Oct 2019 17:41:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=paul-moore-com.20150623.gappssmtp.com; s=20150623;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=9wNy6JFK5djKAuZbuRMlDS+XyW8tF2WH1HB98CJhwX4=;
        b=Ebgr6hpepFByF0DkP5utDnq8dgpXwryts91lmQkxebHKHDitPBleV83coxn3yI9W2o
         4bjKmKWCPPjMPhL8Nq/Rdml5kvyzOdaMmxDE1iIeADKjQ4B3ePZan8TAafgqsmoQqDBo
         DPSQq0Dom4ILIzKaOPRAGB6iBjZKCOwLqRUsFj6Doy+Ihf3ofxWf6aVnflJ+uXxgpKYc
         bbkJw50tNvEfHUPIhBMY1Zh/pD7QtrHNUoMxcmVpT5dFWXFUE49Oh+2y3HcTvrkmCGKi
         d1cVCQqj7IfTxrHF88A0gj3Twf8bqPV2nRUrW6tYaMCpO+AnG3VtKUhbnJoR6lVbp5wI
         hqMA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=9wNy6JFK5djKAuZbuRMlDS+XyW8tF2WH1HB98CJhwX4=;
        b=lrKgB1S0n7LpZiMCOP417KtNK0DSMwZ+gUalwO5X6w5oYbjozl1HlIu0b3AsFAAltW
         8Y/mymvtj0pc8+Y7WGGyDKvqauEH4GILqEkMcu4WYUj3hc4yB/oC/A+1r9RKEi6azgiM
         T+hF2QR7h8NriPrQOnHwYNxv5VaaqlWhEQMjPtwuHacPmfpeM+Rm7UAlWGVv2LSoHbfF
         jMBuEY7pRHgr8yNihNi0YLpoEHwMUWQdkw3yldQVt1MyiNRcg4cqkiDUcsFQqSzQdpbB
         7HYKiG+q6cZCP1GkddLKDI9G6x5APc80unuQo0UpBHyDFrlQuczq7klJC10wRd7e39jt
         pgrA==
X-Gm-Message-State: APjAAAX0mVg39+3imrfuQrkpCX9EWjKApbzXtLbenbqkMl2m7WcF2afl
        NX5eXaFcYQVA1H+Kie3lXs7OLp7EIak4B2vujw/h
X-Received: by 2002:a2e:b17b:: with SMTP id a27mr7770213ljm.243.1570754469730;
 Thu, 10 Oct 2019 17:41:09 -0700 (PDT)
MIME-Version: 1.0
References: <cover.1568834524.git.rgb@redhat.com> <a6b00624ac746bc0df9dd0044311b8364374b25b.1568834525.git.rgb@redhat.com>
In-Reply-To: <a6b00624ac746bc0df9dd0044311b8364374b25b.1568834525.git.rgb@redhat.com>
From:   Paul Moore <paul@paul-moore.com>
Date:   Thu, 10 Oct 2019 20:40:58 -0400
Message-ID: <CAHC9VhT3QNHxXCc_QsC5K5HadAv7AqwNw-Fk+yLECquE_dKmfQ@mail.gmail.com>
Subject: Re: [PATCH ghak90 V7 18/21] audit: track container nesting
To:     Richard Guy Briggs <rgb@redhat.com>
Cc:     containers@lists.linux-foundation.org, linux-api@vger.kernel.org,
        Linux-Audit Mailing List <linux-audit@redhat.com>,
        linux-fsdevel@vger.kernel.org, LKML <linux-kernel@vger.kernel.org>,
        netdev@vger.kernel.org, netfilter-devel@vger.kernel.org,
        sgrubb@redhat.com, omosnace@redhat.com, dhowells@redhat.com,
        simo@redhat.com, Eric Paris <eparis@parisplace.org>,
        Serge Hallyn <serge@hallyn.com>, ebiederm@xmission.com,
        nhorman@tuxdriver.com, Dan Walsh <dwalsh@redhat.com>,
        mpatel@redhat.com
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Sep 18, 2019 at 9:27 PM Richard Guy Briggs <rgb@redhat.com> wrote:
> Track the parent container of a container to be able to filter and
> report nesting.
>
> Now that we have a way to track and check the parent container of a
> container, fixup other patches, or squash all nesting fixes together.
>
> fixup! audit: add container id
> fixup! audit: log drop of contid on exit of last task
> fixup! audit: log container info of syscalls
> fixup! audit: add containerid filtering
> fixup! audit: NETFILTER_PKT: record each container ID associated with a netNS
> fixup! audit: convert to contid list to check for orch/engine ownership softirq (for netfilter) audit: protect contid list lock from softirq
>
> Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
> ---
>  include/linux/audit.h |  1 +
>  kernel/audit.c        | 67 ++++++++++++++++++++++++++++++++++++++++++---------
>  kernel/audit.h        |  3 +++
>  kernel/auditfilter.c  | 20 ++++++++++++++-
>  kernel/auditsc.c      |  2 +-
>  5 files changed, 79 insertions(+), 14 deletions(-)

This is my last comment of the patchset because this is where it
starts to get a little weird.  I know we've talked about fixup!
patches some in the past, but perhaps I didn't do a very good job
communicating my poin; let me try again.

Submitting a fixup patch is okay if you've already posted a (lengthy)
patchset and there was a small nit that someone uncovered that needed
to be fixed prior to merging, assuming everyone (this includes the
reviewer, the patch author, and the maintainer) is okay with the
author posting the fix as fixup! patch then go for it.  Done this way,
fixup patches can save a lot of development, testing, and review time.
However, in my opinion it is wrong to submit a patchset that has fixup
patches as part of the original posting.  In this case fixup patches
have the opposite effect: the patchset becomes more complicated,
reviews take longer, and the likelihood of missing important details
increases.

When in doubt, don't submit separate fixup patches, fold them into the
original patches instead.

--
paul moore
www.paul-moore.com