Received: by 2002:a25:e7d8:0:0:0:0:0 with SMTP id e207csp1055542ybh; Wed, 18 Mar 2020 14:09:53 -0700 (PDT) X-Google-Smtp-Source: ADFU+vs7kgQ8sgkvkWIIdxW2guWBOmdc6Q9H78qFbRU0NSAepCkjnSc0r2Cpn/y/Vd4M47KSZRVm X-Received: by 2002:a9d:4505:: with SMTP id w5mr5715099ote.262.1584565793614; Wed, 18 Mar 2020 14:09:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1584565793; cv=none; d=google.com; s=arc-20160816; b=ztikg9SnYi3nTDH4hb5QokzYve73Ov5TmulnpG5AOEAtJJdwRehr8NQXjWslcD0zUC k2KAbhl2P9zL8qNVbC4ewoOEFXO9tpVqeBZmV+w7Uu7pKWSYOn+y0MzR23KmBd/u6GwV DlBPBNpcs77eNPDz3nTkY7Aiww9RUiW43l2OcsUB/QU1BjdSvf7b/4B3WdZWc7fCmu4m PTZs169JPVNIQjWrp1ytfjEJKZlU0woVIvqVhhP4KWs1hAaX5gVy+Ag4ZuQVdPLslHpB QALOGB/TALSnpBqQb6xidkRb2zyVNdEbSq/L6Ya/GVcTa69vErbNhjOPpgVORnm6mjGp jOJQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=WatAKLuqZtZlRLQCbRzYpTXRz9maWKDE4hUEG0f7NDw=; b=dHhHH8LDPaKed18ZkW3DpdETVxdhHaHE89slxuJBWQI2VdDcV03F6Ynrbw7wqiHupq Ap1ZJS0JLIa+HZBzauu5wGNceSYbRjb1Ye4e9g9AihA86wQALTBk3nI9DsxCc5Fv+H5g Ut4YAUQ8aaAHeSp4H7ZzeaEyMtp7Utk3l9qJxLIPog7mPgRjWva8JUxCSJ1YAV+luCuH /iOON0hPylQuwLjhU+rXIZu227OsGDHKJjhS5uZrgCN0HHkqhB3aLdnY9BYHS9NLZ8/U DGAaspVHqskLlRypozLdqZZ+HnFfVFpF2nJa7uVB5M3H/Dbb3IewUNe3Zn5/fXlAdc9M HrfQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=KblwfDmt; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u9si4169291oib.109.2020.03.18.14.09.40; Wed, 18 Mar 2020 14:09:53 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=KblwfDmt; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728011AbgCRVIq (ORCPT + 99 others); Wed, 18 Mar 2020 17:08:46 -0400 Received: from mail-ed1-f65.google.com ([209.85.208.65]:34002 "EHLO mail-ed1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727453AbgCRVIo (ORCPT ); Wed, 18 Mar 2020 17:08:44 -0400 Received: by mail-ed1-f65.google.com with SMTP id i24so28837338eds.1 for ; Wed, 18 Mar 2020 14:08:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=WatAKLuqZtZlRLQCbRzYpTXRz9maWKDE4hUEG0f7NDw=; b=KblwfDmtszqt/poiiBnkGj80+eqtrRyKNLWAFKJyI2lM8X5PpTIHIUIc65zJhoEnEF WjcKc+bfilJdpRhIjI1m71RTPdnfUYwaMNgrlZfogSYuI3TKBJzAzVhAyAtHoPrdVKGp DLDa+hQ2FiF/ZRAW6YOkmNlRuau5tixJsAn5jRDu0LNFpGvf4mGlYW9x2j+4ybOULNy7 eW1S/z/G2JKD/YF0c0IywP5jL7tjCmAMSfYHwjw2Mgd+8lo0HY2apy//ZlP3q1BuFweg kxv1DBMAmhdBV9qGqhU7t4qHJxKuYe+4PrnuMPBj6LktzBpmvLYwxL6iqDAV7QAmJ5iL I9pg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=WatAKLuqZtZlRLQCbRzYpTXRz9maWKDE4hUEG0f7NDw=; b=X67DQeySnDVxmjjncuXMapKprOOfVh21JXDqRcbM3zEu3mJ3i/tXc0o1WzYDw1tqZK 4Xz+nftrOqDDMy6RhlD3d0MGLWqcYpGfTKBdivUVghAtBiXvaKYb0NGQDJmq7IWttEeG 4rwXsM15WvZ4cSdfF4bvZnJu4g8X2L4RfJJbGTzXp12wWu6VSUp2joBqF0q12k8XvxmF IOBZv9rMjRO5lx+uuGk/8KPeDG+SzOiJHtCzdI+jMvzlEbDL4s+dbLEYd36CaTg1S5TH yfaVc+AJXhUf1NQZo9CubRWKr6oNwR3OTnZ+01CeTHMJCDORFs2zPBSTL4RnFifTUqbG PIgw== X-Gm-Message-State: ANhLgQ1SzhBw5UEM9emXsyn/CGBlq9iUAvxEfgLRTUOVdldnmtZspRUA yNPc8Av2e29mhsJnsbmMZYFHICoI4N2U1xcue/fl X-Received: by 2002:aa7:d051:: with SMTP id n17mr5727973edo.196.1584565722903; Wed, 18 Mar 2020 14:08:42 -0700 (PDT) MIME-Version: 1.0 References: <6452955c1e038227a5cd169f689f3fd3db27513f.1577736799.git.rgb@redhat.com> <20200130192753.n7jjrshbhrczjzoe@madcap2.tricolour.ca> <20200205235056.e5365xtgz7rbese2@madcap2.tricolour.ca> <20200312205147.plxs4czjeuu4davj@madcap2.tricolour.ca> <20200314224203.ncyx3rgwwe6zet4e@madcap2.tricolour.ca> In-Reply-To: <20200314224203.ncyx3rgwwe6zet4e@madcap2.tricolour.ca> From: Paul Moore Date: Wed, 18 Mar 2020 17:08:31 -0400 Message-ID: Subject: Re: [PATCH ghak90 V8 13/16] audit: track container nesting To: Richard Guy Briggs Cc: nhorman@tuxdriver.com, linux-api@vger.kernel.org, containers@lists.linux-foundation.org, LKML , dhowells@redhat.com, Linux-Audit Mailing List , netfilter-devel@vger.kernel.org, ebiederm@xmission.com, simo@redhat.com, netdev@vger.kernel.org, linux-fsdevel@vger.kernel.org, Eric Paris , mpatel@redhat.com, Serge Hallyn Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Mar 14, 2020 at 6:42 PM Richard Guy Briggs wrote: > On 2020-03-13 12:47, Paul Moore wrote: ... > > It has been a while since I last looked at the patchset, but my > > concern over the prefered use of the ACID number vs the ACID object is > > that the number offers no reuse protection where the object does. I > > really would like us to use the object everywhere it is possible. > > Ok, so I take it from this that I go ahead with the dual format since > the wrapper funciton to convert from object to ID strips away object > information negating any benefit of favouring the object pointer. I'll > look at the remaining calls that use a contid (rather than contobj) and > convert all that I can over to storing an object using the dual counters > that track process exits versus signal2 and trace references. Well, as I said in the other thread, I'm not sure we need a full two counters; I think one counter and a simple flag should suffice. Otherwise that sounds good for the next iteration. -- paul moore www.paul-moore.com