Date: Wed, 30 Oct 2019 18:03:20 -0400
From: Richard Guy Briggs
To: Paul Moore
Cc: containers@lists.linux-foundation.org, linux-api@vger.kernel.org, Linux-Audit Mailing List, linux-fsdevel@vger.kernel.org, LKML, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, sgrubb@redhat.com, omosnace@redhat.com, dhowells@redhat.com, simo@redhat.com, Eric Paris, Serge Hallyn, ebiederm@xmission.com, nhorman@tuxdriver.com, Dan Walsh, mpatel@redhat.com
Subject: Re: [PATCH ghak90 V7 20/21] audit: add capcontid to set contid outside init_user_ns
Message-ID: <20191030220320.tnwkaj5gbzchcn7j@madcap2.tricolour.ca>
References: <214163d11a75126f610bcedfad67a4d89575dc77.1568834525.git.rgb@redhat.com> <20191019013904.uevmrzbmztsbhpnh@madcap2.tricolour.ca> <20191021213824.6zti5ndxu7sqs772@madcap2.tricolour.ca> <20191021235734.mgcjotdqoe73e4ha@madcap2.tricolour.ca> <20191024210010.owwgc3bqbvtdsqws@madcap2.tricolour.ca>

On 2019-10-30 16:27, Paul Moore wrote:
> On Thu, Oct 24, 2019 at 5:00 PM Richard Guy Briggs wrote:
> > Here's the note I had from that meeting:
> >
> > - Eric raised the issue that using /proc is likely to get more and more
> >   hoary due to mount namespaces and suggested that we use a netlink
> >   audit message (or a new syscall) to set the audit container identifier
> >   and since the loginuid is a similar type of operation, that it should be
> >   migrated over to a similar mechanism to get it away from /proc. Get
> >   could be done with a netlink audit message that triggers an audit log
> >   message to deliver the information. I'm reluctant to further pollute
> >   the syscall space if we can find another method. The netlink audit
> >   message makes sense since any audit-enabled service is likely to already
> >   have an audit socket open.
>
> Thanks for the background info on the off-list meeting. I would
> encourage you to have discussions like this on-list in the future; if
> that isn't possible, hosting a public call would be okay-ish, but a
> distant second.

I'm still trying to get Eric's attention to get him to weigh in here and
provide a more eloquent representation of his ideas and concerns. Some of
it was related to CRIU(sp?) issues, of which we've already seen similar
concerns in namespace identifiers including the device identity to
qualify it.

> At this point in time I'm not overly concerned about /proc completely
> going away in namespaces/containers that are full featured enough to
> host a container orchestrator. If/when reliance on procfs becomes an
> issue, we can look at alternate APIs, but given the importance of
> /proc to userspace (including to audit) I suspect we are going to see
> it persist for some time. I would prefer to see you drop the audit
> container ID netlink API portions of this patchset and focus on the
> procfs API.

I've already refactored the code to put the netlink bits at the end as
completely optional pieces for completeness so they won't get in the way
of the real substance of this patchset. The nesting depth and total
number of containers checks have also been punted to the end of the
patchset to get them out of the way of discussion.

> Also, for the record, removing the audit loginuid from procfs is not
> something to take lightly, if at all; like it or not, it's part of the
> kernel API.

Oh, I'm quite aware of how important this change is and it was discussed
with Steve Grubb who saw the concern and value of considering such a
disruptive change. Removing proc support for auid/ses would be a
long-term deprecation if accepted. Really, I should have labelled the v7
patchset as RFC since there were so many new and disruptive ideas
presented in it.

> paul moore
> www.paul-moore.com

- RGB

--
Richard Guy Briggs
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635