From: Paul Moore
Date: Wed, 30 Oct 2019 16:27:35 -0400
Subject: Re: [PATCH ghak90 V7 20/21] audit: add capcontid to set contid outside init_user_ns
To: Richard Guy Briggs
Cc: containers@lists.linux-foundation.org, linux-api@vger.kernel.org, Linux-Audit Mailing List, linux-fsdevel@vger.kernel.org, LKML, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, sgrubb@redhat.com, omosnace@redhat.com, dhowells@redhat.com, simo@redhat.com, Eric Paris, Serge Hallyn, ebiederm@xmission.com, nhorman@tuxdriver.com, Dan Walsh, mpatel@redhat.com
In-Reply-To: <20191024210010.owwgc3bqbvtdsqws@madcap2.tricolour.ca>
List-ID: linux-kernel@vger.kernel.org

On Thu, Oct 24, 2019 at 5:00 PM Richard Guy Briggs wrote:
> Here's the note I had from that meeting:
>
> - Eric raised the issue that using /proc is likely to get more and more
>   hoary due to mount namespaces and suggested that we use a netlink
>   audit message (or a new syscall) to set the audit container identifier
>   and since the loginuid is a similar type of operation, that it should be
>   migrated over to a similar mechanism to get it away from /proc. Get
>   could be done with a netlink audit message that triggers an audit log
>   message to deliver the information. I'm reluctant to further pollute
>   the syscall space if we can find another method. The netlink audit
>   message makes sense since any audit-enabled service is likely to already
>   have an audit socket open.

Thanks for the background info on the off-list meeting. I would encourage you to have discussions like this on-list in the future; if that isn't possible, hosting a public call would be okay-ish, but a distant second.

At this point in time I'm not overly concerned about /proc completely going away in namespaces/containers that are full featured enough to host a container orchestrator. If/when reliance on procfs becomes an issue, we can look at alternate APIs, but given the importance of /proc to userspace (including to audit) I suspect we are going to see it persist for some time.

I would prefer to see you drop the audit container ID netlink API portions of this patchset and focus on the procfs API.

Also, for the record, removing the audit loginuid from procfs is not something to take lightly, if at all; like it or not, it's part of the kernel API.

-- 
paul moore
www.paul-moore.com
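The thread contrasts two userspace paths to the audit subsystem: the existing procfs API (`/proc/<pid>/loginuid`, which Paul calls part of the kernel API) and the netlink audit socket that the meeting note proposes instead. The following is an added example, not code from the thread or from the patchset, that models both paths offline: it parses the loginuid value as the kernel exposes it in procfs (an unset loginuid reads as 4294967295, i.e. `(u32)-1`) and builds the `struct nlmsghdr` framing of a request on a `NETLINK_AUDIT` socket without sending anything. The constants (`NETLINK_AUDIT`, `AUDIT_GET`, `NLM_F_*`) are taken from the kernel's uapi headers; the sample file contents and the `read_loginuid` helper are constructed for illustration.

```python
"""Added example (not part of the LKML thread): the procfs path and the
netlink-audit path to the audit loginuid, modelled without touching a
live kernel.
"""
import struct
from typing import Optional

# /proc/<pid>/loginuid holds a decimal u32; the kernel writes (u32)-1
# when no loginuid has been set for the task yet.
AUDIT_UNSET = 0xFFFFFFFF

# Constants from <linux/netlink.h> and <linux/audit.h>.
NETLINK_AUDIT = 9          # protocol number of the audit netlink family
AUDIT_GET = 1000           # "get audit status" request type
NLM_F_REQUEST = 0x01       # message is a request
NLM_F_ACK = 0x04           # ask the kernel for an explicit ACK
NLMSG_HDRLEN = 16          # sizeof(struct nlmsghdr)


def parse_loginuid(text: str) -> Optional[int]:
    """Interpret the contents of /proc/<pid>/loginuid.

    Returns the uid, or None when the sentinel (u32)-1 says it is unset.
    Anything outside the u32 range is rejected rather than silently used.
    """
    value = int(text.strip())
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError(f"loginuid out of u32 range: {value}")
    return None if value == AUDIT_UNSET else value


def read_loginuid(pid: str = "self") -> Optional[int]:
    """Constructed helper: read the loginuid of a task via procfs."""
    with open(f"/proc/{pid}/loginuid", encoding="ascii") as fh:
        return parse_loginuid(fh.read())


def nlmsg_align(length: int) -> int:
    """Round up to NLMSG_ALIGNTO (4 bytes), as the netlink ABI requires."""
    return (length + 3) & ~3


def build_audit_request(msg_type: int, payload: bytes = b"", seq: int = 1,
                        flags: int = NLM_F_REQUEST | NLM_F_ACK) -> bytes:
    """Frame an audit netlink request: nlmsghdr + payload + alignment pad.

    nlmsg_pid is 0, meaning "sent from userspace to the kernel".  The
    returned bytes are what a service would hand to sendto() on a
    NETLINK_AUDIT socket; this example never opens such a socket.
    """
    length = NLMSG_HDRLEN + len(payload)           # nlmsg_len covers header + payload
    header = struct.pack("=IHHII", length, msg_type, flags, seq, 0)
    padding = b"\0" * (nlmsg_align(length) - length)
    return header + payload + padding


def parse_nlmsghdr(buf: bytes) -> dict:
    """Decode the leading struct nlmsghdr of a netlink message."""
    if len(buf) < NLMSG_HDRLEN:
        raise ValueError("buffer shorter than struct nlmsghdr")
    length, msg_type, flags, seq, pid = struct.unpack_from("=IHHII", buf, 0)
    if length > len(buf) or length < NLMSG_HDRLEN:
        raise ValueError("nlmsg_len inconsistent with buffer")
    return {"len": length, "type": msg_type, "flags": flags,
            "seq": seq, "pid": pid, "payload": buf[NLMSG_HDRLEN:length]}


if __name__ == "__main__":
    # Constructed procfs contents: one unset task, one set to uid 1000.
    for sample in ("4294967295\n", "1000\n"):
        print(repr(sample), "->", parse_loginuid(sample))
    # Frame an AUDIT_GET request and decode it again.
    msg = build_audit_request(AUDIT_GET, seq=7)
    print(parse_nlmsghdr(msg))
    try:
        print("this task's loginuid:", read_loginuid())
    except OSError as exc:
        print("procfs loginuid not readable here:", exc)
```

The contrast the thread is about shows up directly in the two helpers: `read_loginuid` depends on a procfs mount being visible to the caller, whereas `build_audit_request` only needs a netlink socket, which is why the meeting note argues the latter survives mount-namespace games better and why Paul's reply weighs that against procfs being an established part of the kernel API.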