Received: by 2002:a25:683:0:0:0:0:0 with SMTP id 125csp722957ybg; Fri, 12 Jun 2020 12:52:30 -0700 (PDT) X-Google-Smtp-Source: ABdhPJw3k23t/oY+beSUPTFkJns5ZByfuk/ZF/VevzvUbloVdOcb17rsIoHukXJ5fFzPNItfSwIs X-Received: by 2002:a50:b2e1:: with SMTP id p88mr13405465edd.198.1591991550730; Fri, 12 Jun 2020 12:52:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1591991550; cv=none; d=google.com; s=arc-20160816; b=xCp2ewcfQpYYmSJliwLpZ3eVz4tmIAEeERsJ6yemR/C4KiUp3l558J0sLeJUUm6w7c 8eH102HWaO4N9l59ZDcIr4HLa0NDs6zJ8vqVwScGhAGL1AyepY5p2YI03i3Q6J3gfXUI ab8EhNtX5EJR7dyMjde52SDDbR/cbu6UWROPSbr40cXooprljEMbOyRjkPWcDjU60Pcj MXuva0O8mEIqgvbpEwMBq9kWYy9HQRRPxxRwQOm8HUl2Pk8eq828UiXYTRDwP3KcCTM5 WWRnruQo5XKtAVkdiog67tNeTgdWH3jK3PsacTq0FQA1fogMjz2wCGHpFc5CdGHajBix 9m5w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature:dkim-filter; bh=GdD9+kQ9aITh+TAeiBW5btAMPcCymvbqsDCBMG9pDJY=; b=SkNzENFdfNMvj/SjHl3oXNwoaWXZOMHs5JxJhFPbkjPAFSpJUgJDzmkg1mukxfDh4V twzg3CeD2+K4sYdhAInOVTBM4vhTQ0oG4pCnWAEVvPXPQ68MuLWXxJ/bD6eId47ro4pO 3AbMkNS9ejn26pwNUzH1J06LK0SdVG0PNhUmSdnItbmHBZz0GElE7U5EOgxdCNz8d80w 2WJ9ej1+n5Um2qXo6AxSYJWM8FheBLz4dnknsqu9lN5P/XXPRlCG3/Boyt0NKSqzeWBQ ElaoMnEx8TNChV2qSYkWZy5GxgUoiuJYQ8qWWS3UIyIsW11gEMXACgGBXCIlPQltrHu2 lAIQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux.microsoft.com header.s=default header.b=VnnOl8MD; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id z14si4166979ejr.261.2020.06.12.12.52.08; Fri, 12 Jun 2020 12:52:30 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linux.microsoft.com header.s=default header.b=VnnOl8MD; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726444AbgFLTuS (ORCPT + 99 others); Fri, 12 Jun 2020 15:50:18 -0400 Received: from linux.microsoft.com ([13.77.154.182]:60316 "EHLO linux.microsoft.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726396AbgFLTuP (ORCPT ); Fri, 12 Jun 2020 15:50:15 -0400 Received: from [192.168.0.104] (c-73-42-176-67.hsd1.wa.comcast.net [73.42.176.67]) by linux.microsoft.com (Postfix) with ESMTPSA id B356C205DDAF; Fri, 12 Jun 2020 12:50:14 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com B356C205DDAF DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1591991414; bh=GdD9+kQ9aITh+TAeiBW5btAMPcCymvbqsDCBMG9pDJY=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=VnnOl8MDm+ruzYyoWNTT6EMXTeW1KeweCnFkTcpwagJQWqkhh3u2nYF34qqGdvPBo aKpmwhEtVxIJ52SRseNK4B+wSrg34/L38VYKHNrJKNIGKH9mAEuhek8tb571EKHoaS LUA0x4yXrn6jiMXz029ksb3O+OHqmzVjEI6yk2LE= Subject: Re: [PATCH 1/2] integrity: Add errno field in audit message To: Mimi Zohar , sgrubb@redhat.com, paul@paul-moore.com Cc: rgb@redhat.com, linux-integrity@vger.kernel.org, linux-audit@redhat.com, linux-kernel@vger.kernel.org References: <20200611000400.3771-1-nramas@linux.microsoft.com> <1591989920.11061.90.camel@linux.ibm.com> From: Lakshmi Ramasubramanian Message-ID: <42482562-d74c-2678-069f-1d8ef4feffac@linux.microsoft.com> Date: Fri, 12 Jun 2020 12:50:14 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.8.0 MIME-Version: 1.0 In-Reply-To: <1591989920.11061.90.camel@linux.ibm.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 6/12/20 12:25 PM, Mimi Zohar wrote: > The idea is a good idea, but you're assuming that "result" is always > errno.  That was probably true originally, but isn't now.  For > example, ima_appraise_measurement() calls xattr_verify(), which > compares the security.ima hash with the calculated file hash.  On > failure, it returns the result of memcmp().  Each and every code path > will need to be checked. > Good catch Mimi. Instead of "errno" should we just use "result" and log the value given in the result parameter? From the audit field dictionary (link given below) "result" is already a known field that is used to indicate the result of the audited operation. @Steve\Paul: Like "res" is "result" also expected to have only values "0" or "1", or can it be any result code? https://github.com/linux-audit/audit-documentation/blob/master/specs/fields/field-dictionary.csv res alphanumeric result of the audited operation(success/fail) result alphanumeric result of the audited operation(success/fail) thanks, -lakshmi