Received: by 2002:a25:31c3:0:0:0:0:0 with SMTP id x186csp103673ybx; Thu, 31 Oct 2019 16:44:48 -0700 (PDT) X-Google-Smtp-Source: APXvYqx86xrc7qbHG6xwDQZ1YXX3fO3Sr2LJZv8YlH4VUijdEB6xS4x9oTEM0DCiuxXuVuWPXSJr X-Received: by 2002:aa7:db48:: with SMTP id n8mr9359928edt.179.1572565488112; Thu, 31 Oct 2019 16:44:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1572565488; cv=none; d=google.com; s=arc-20160816; b=B3ENwolCrpEzCPPmhRXPTyCW71UAF22BMQ5diRI/k4lBnIdelbYWrN/+FF1Y7WvmqW Nk0myzqtEeNmJk8PqEoO8l9nP5s1hLw3Bvq+Elvp5r+dnvYsg/YIEIXnhT6AH5GFTc21 LtA6Tv8Y5BondRk75YHGcyMgw3VWKW+EcgzLrhBZJbeKdykIwee3Wv8tAigYYJKQVKnX ORn85pGp24SPtzby5JEJ7WuXYCpZW+K2HYtmYFkUqOSc9xar1EWGviftXNgQUcFkv1JI 6dxtN2Ng2MLDGkrNxi8oC/oSvqTVBu6mmO82bcZR+RIutwSEZ42GCUlelAEUJiR+xIC4 MmNA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=BhXMszijrgAIYzZ9gxH9cFx8EddXNjy2TqQatbYc+Nk=; b=LYWT6+d91H9LT+71O8K8NY6tWBDlWbUgrOh4aLwUHPsDrh1MiZw3YWU8kvgJfFOffD IRVBXf7Ul8xnCZ2hvC6+/hV3VHJukzEIsb/flVymoNCml6QJcs96qXpLL33XiL1T/oNe 95q9quJEi9jrXNxffuS8z8MjuS3AYbkzg6H9a/FOhzaNnNIk0oLwq6KTJn3DJQWJTLb1 YCLnP/WWjkfqYHvPk6T2VpvGXIU7uZ6X4M7XmJx9xeU4EAH8VBffximvEOsSQ/rqynB6 Yb4N28g9tiN6zYXuIcOebdGYTQ2KuBQoqkvy3QyzWDH2q8w4X6ddomZjtZkFlkwsvTdY JKxw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=PBPIT77A; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id c36si5311584edb.58.2019.10.31.16.44.25; Thu, 31 Oct 2019 16:44:48 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=PBPIT77A; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728656AbfJaXiB (ORCPT + 99 others); Thu, 31 Oct 2019 19:38:01 -0400 Received: from mail-lj1-f195.google.com ([209.85.208.195]:43640 "EHLO mail-lj1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727807AbfJaXiB (ORCPT ); Thu, 31 Oct 2019 19:38:01 -0400 Received: by mail-lj1-f195.google.com with SMTP id s4so8403937ljj.10 for ; Thu, 31 Oct 2019 16:38:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=BhXMszijrgAIYzZ9gxH9cFx8EddXNjy2TqQatbYc+Nk=; b=PBPIT77AyNqMEwQoyQaCVkLT7M8TfLPd670Drrfj3I0N9/7rXzhpyODn6ZT2yOPckv Qilg0l2iIs3UAOmuW8gShWyhaY4PigFiFVzalfqYDBp0oX4PNC/kLszdO9L7c4pT8Cy9 smo0IdWRKwLl/IbLW0IV5GFldBbIePTM3ejqrwHqLwPH5t3aRPk6EcmXOUvJS6vLwl84 AFhXYsPEGcB2PqjP4vW+wM6A7JP+eryJelp5BLL9FrnWDvkUc/1vuW51d1lWSLC8Sjjb DM60FyewAhh+/w4wnrPgFSBfxJW8wUjS3sROz85MqDxchJDEKZmEFzyf/2uIe0AWD17+ GwvQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=BhXMszijrgAIYzZ9gxH9cFx8EddXNjy2TqQatbYc+Nk=; b=ZU2MjGxS+bYHFySbigiPrLqQg1v+wMU/5Slr6FNJEuel8FHI9Parn4a6B1MWlpeg+m 6/+GL1t6qyqSxwbk7qUde5OBMqK4L/Ex7pCEeVvaJBKxGuFgUFAZVjmq7sX6NA2JoQ5D fS0K9rbIb7eGXGA0yYHtuv5Ey5qDZPmrKygUzuygDPOfVG/9W7Pj/u0iXD6MPzyy3JKN OfPXIRNOPwuFWOQaGRXN282v6iWag5qYjQ2TEKDXNOHfW8PHjyx9IWNxrUTWy3GtBvN+ 0HLo5TXlUIpNA5vXqVVn1QOFPkhQtEeQw/zSPZPCyUxLqfD2X0hGUbvjKjHHHKs6GTba nh1A== X-Gm-Message-State: APjAAAWVXrRDGpBzrx1D+/LvvhP7/b6r+9yvb5PtUbByIud/GcFPULgZ Bk61LkCMxi/JXhZZVTBXsU/kWyse9WMy08LCGgPa X-Received: by 2002:a2e:9249:: with SMTP id v9mr6136219ljg.184.1572565079262; Thu, 31 Oct 2019 16:37:59 -0700 (PDT) MIME-Version: 1.0 References: <20191030220320.tnwkaj5gbzchcn7j@madcap2.tricolour.ca> <3677995.NTHC7m0fHc@x2> In-Reply-To: <3677995.NTHC7m0fHc@x2> From: Paul Moore Date: Thu, 31 Oct 2019 19:37:47 -0400 Message-ID: Subject: Re: [PATCH ghak90 V7 20/21] audit: add capcontid to set contid outside init_user_ns To: Steve Grubb Cc: Richard Guy Briggs , containers@lists.linux-foundation.org, linux-api@vger.kernel.org, Linux-Audit Mailing List , linux-fsdevel@vger.kernel.org, LKML , netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, omosnace@redhat.com, dhowells@redhat.com, simo@redhat.com, Eric Paris , Serge Hallyn , ebiederm@xmission.com, nhorman@tuxdriver.com, Dan Walsh , mpatel@redhat.com Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Oct 31, 2019 at 10:51 AM Steve Grubb wrote: > On Wednesday, October 30, 2019 6:03:20 PM EDT Richard Guy Briggs wrote: > > > Also, for the record, removing the audit loginuid from procfs is not > > > something to take lightly, if at all; like it or not, it's part of the > > > kernel API. > > It can also be used by tools to iterate processes related to one user or > session. I use this in my Intrusion Prevention System which will land in > audit user space at some point in the future. Let's try to stay focused on the audit container ID functionality; I fear if we start bringing in other unrelated issues we are never going to land these patches. > > Oh, I'm quite aware of how important this change is and it was discussed > > with Steve Grubb who saw the concern and value of considering such a > > disruptive change. > > Actually, I advocated for syscall. I think the gist of Eric's idea was that / > proc is the intersection of many nasty problems. By relying on it, you can't > simplify the API to reduce the complexity. I guess complexity is relative in a sense, but reading and writing a number from a file in procfs seems awfully simple to me. > Almost no program actually needs > access to /proc. ps does. But almost everything else is happy without it. For > example, when you setup chroot jails, you may have to add /dev/random or / > dev/null, but almost never /proc. What does force you to add /proc is any > entry point daemon like sshd because it needs to set the loginuid. If we > switch away from /proc, then sshd or crond will no longer /require/ procfs to > be available which again simplifies the system design. It's not that simple, there are plenty of container use cases beyond ps which require procfs: Most LSM aware applications require procfs to view and manage some LSM state (e.g. /proc/self/attr). System containers, containers that run their own init/systemd/etc., require a working procfs. Nested container orchestrators often run in system containers, which require a working procfs (see above). I'm sure there are plenty others, but these are the ones that came immediately to mind. -- paul moore www.paul-moore.com