Received: by 2002:a25:e7d8:0:0:0:0:0 with SMTP id e207csp1081234ybh; Wed, 18 Mar 2020 14:43:31 -0700 (PDT) X-Google-Smtp-Source: ADFU+vv6qbUhx3K2ogJpDqFwLD19btjXQX6lph0I2bBL9wPOMrAsLMFQYPasn+p61FsP0MWBk1p8 X-Received: by 2002:a9d:6a91:: with SMTP id l17mr5902460otq.29.1584567811023; Wed, 18 Mar 2020 14:43:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1584567811; cv=none; d=google.com; s=arc-20160816; b=tY4Bchl12V2EbylbGUplEMNQt2lfcnijBiMC67fq+fHQece4JxCZRcv7le62dWXlfj 4oqurytgBjJNzLI1NJWF2yWThOy/wJ5jtP/otxVQWrF2JWcTwoLCfdZ/WH+X4brlfcOT Ay6jl+XRBAT4BzqxBsDkMJY2dk9w8/Bb2s6UQcoqgk91oF+KfvkklUH5Lvaca+6bQDFr L0N0O4RIWx5jsLn6X3GCf337vMzQdHx448ZglsQzFy1tZI79L7OQlhTMHiNIpiT4uk6N XcwaW7TQJiDDE4g3lr3a49QX8bST7tD5tJM4eW09bf0RxMmabuYjrj3K/v5UV5HSfofV mgPw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=FI4r1zHhj1RMuaE8Pn/teSAlnWkMrk+yN7HsYv/jDKI=; b=ewlpWxvRjpNlM1o4XBoV1fPIsOuz824xgpksHlHMlTODg2ABmdku7ibdaCgkTxyQX0 3S4QdJbFsh7CJas6EEYSTKRZD4wNx1HLXN5ei5EbKeZcyJGQkhT9n0Fa3ADW9YUCkvbi TDaB0U7qLRHOeLsqZ8r7AZXWtYP4xOaLZHqWuuauBsqpNEq9NK98iE4byEbDe9stPoYI 4CEwA4Bz2kehxrr4yVmm+FA9h5sy41Eo5C482y6waoBV51fvCevueE+z8WrnmOhJwJ0F UuQZO491z4Haa0o7Zemy+Rtl40/Dx/BAFS+gy5cwcoBRYw/Rp10hZo0uYQ38qz5CeSWt P9eQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=hwnGi272; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 2si3845373ois.104.2020.03.18.14.43.18; Wed, 18 Mar 2020 14:43:31 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=hwnGi272; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727259AbgCRVmW (ORCPT + 99 others); Wed, 18 Mar 2020 17:42:22 -0400 Received: from us-smtp-delivery-74.mimecast.com ([63.128.21.74]:50515 "EHLO us-smtp-delivery-74.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727249AbgCRVmW (ORCPT ); Wed, 18 Mar 2020 17:42:22 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1584567741; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=FI4r1zHhj1RMuaE8Pn/teSAlnWkMrk+yN7HsYv/jDKI=; b=hwnGi2726ij2ZDjgpGdGrEdtuaj8rDnKky3rvoPCunUMxgWtg7DFuNsrQ7HH2EzL+48IJm tdomi1DWjCbADMqSV4roQbJOzeCNzrHwECHk2pFS0ZhXjBTgcoPJZraWN8n5TAIg8OPDe9 ZHUy1iUkofQ9oLmT3ehoojAWF+0vmO0= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-90-cGEOpaJlMG6QfxMxXASyTw-1; Wed, 18 Mar 2020 17:42:18 -0400 X-MC-Unique: cGEOpaJlMG6QfxMxXASyTw-1 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 4288110C9FC1; Wed, 18 Mar 2020 21:42:16 +0000 (UTC) Received: from madcap2.tricolour.ca (unknown [10.36.110.5]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 65C105C1D8; Wed, 18 Mar 2020 21:41:59 +0000 (UTC) Date: Wed, 18 Mar 2020 17:41:54 -0400 From: Richard Guy Briggs To: Paul Moore Cc: Steve Grubb , linux-audit@redhat.com, nhorman@tuxdriver.com, linux-api@vger.kernel.org, containers@lists.linux-foundation.org, LKML , dhowells@redhat.com, netfilter-devel@vger.kernel.org, ebiederm@xmission.com, simo@redhat.com, netdev@vger.kernel.org, linux-fsdevel@vger.kernel.org, Eric Paris , mpatel@redhat.com, Serge Hallyn Subject: Re: [PATCH ghak90 V8 07/16] audit: add contid support for signalling the audit daemon Message-ID: <20200318214154.ycxy5dl4pxno6fvi@madcap2.tricolour.ca> References: <20200204231454.oxa7pyvuxbj466fj@madcap2.tricolour.ca> <3142237.YMNxv0uec1@x2> <20200312202733.7kli64zsnqc4mrd2@madcap2.tricolour.ca> <20200313192306.wxey3wn2h4htpccm@madcap2.tricolour.ca> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: NeoMutt/20180716 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2020-03-18 17:01, Paul Moore wrote: > On Fri, Mar 13, 2020 at 3:23 PM Richard Guy Briggs wrote: > > On 2020-03-13 12:42, Paul Moore wrote: > > ... > > > > The thread has had a lot of starts/stops, so I may be repeating a > > > previous suggestion, but one idea would be to still emit a "death > > > record" when the final task in the audit container ID does die, but > > > block the particular audit container ID from reuse until it the > > > SIGNAL2 info has been reported. This gives us the timely ACID death > > > notification while still preventing confusion and ambiguity caused by > > > potentially reusing the ACID before the SIGNAL2 record has been sent; > > > there is a small nit about the ACID being present in the SIGNAL2 > > > *after* its death, but I think that can be easily explained and > > > understood by admins. > > > > Thinking quickly about possible technical solutions to this, maybe it > > makes sense to have two counters on a contobj so that we know when the > > last process in that container exits and can issue the death > > certificate, but we still block reuse of it until all further references > > to it have been resolved. This will likely also make it possible to > > report the full contid chain in SIGNAL2 records. This will eliminate > > some of the issues we are discussing with regards to passing a contobj > > vs a contid to the audit_log_contid function, but won't eliminate them > > all because there are still some contids that won't have an object > > associated with them to make it impossible to look them up in the > > contobj lists. > > I'm not sure you need a full second counter, I imagine a simple flag > would be okay. I think you just something to indicate that this ACID > object is marked as "dead" but it still being held for sanity reasons > and should not be reused. Ok, I see your point. This refcount can be changed to a flag easily enough without change to the api if we can be sure that more than one signal can't be delivered to the audit daemon *and* collected by sig2. I'll have a more careful look at the audit daemon code to see if I can determine this. Steve, can you have a look and tell us if it is possible for the audit daemon to make more than one signal_info (or signal_info2) record request from the kernel after receiving a signal? Another question occurs to me is that what if the audit daemon is sent a signal and it cannot or will not collect the sig2 information from the kernel (SIGKILL?)? Does that audit container identifier remain dead until reboot, or do we institute some other form of reaping, possibly time-based? > paul moore - RGB -- Richard Guy Briggs Sr. S/W Engineer, Kernel Security, Base Operating Systems Remote, Ottawa, Red Hat Canada IRC: rgb, SunRaycer Voice: +1.647.777.2635, Internal: (81) 32635