Received: by 2002:a05:6602:2086:0:0:0:0 with SMTP id a6csp4383542ioa; Wed, 27 Apr 2022 02:34:48 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwLf11ViJmKtgBVqkevbSf7OijTCagJt3BYF5FMRik7VbqmRikOUaPgBBF4/Hsrb1uHQysL X-Received: by 2002:a63:5847:0:b0:399:3452:ffe4 with SMTP id i7-20020a635847000000b003993452ffe4mr23460147pgm.406.1651052088478; Wed, 27 Apr 2022 02:34:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1651052088; cv=none; d=google.com; s=arc-20160816; b=l9H2INylzgA3f7ipmyaDWyn8Zj5bMM250CacwAdYedMNIf6p8hD3IKYAZvG4oU9KhG N0wPes/8OkhHTfQYhhoZY6iV+Ja41CT17vJA0BlnCwIqiuhvukK0vxIuO5YEs9XmLcOl TmcFMKeRWbvI5F8U7SSytEbC/XEk3mbLFTUfuAv26UIr4aJgBebzWamZkFS//sLQ3+K9 48PPWdO3Nh+avWJFZYNj30H2OXszCTxwwHznFIylD5KGgBg+LCFzmWvv/1NA7Sxih1yp NJRk1rSJZf3/6dvZGDlSxjcy4yanA5mZly7DhQemtisM6JCwL4SPCfnm3c2AHvkgL+gz Fz8A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to :organization:from:references:cc:to:content-language:subject :user-agent:mime-version:date:message-id:dkim-signature; bh=HPxmSK5Le3qsa+l2VTTCM7colhsO1wQuYMTZrz1Rts0=; b=0FFGK8WLyQ0Pkds8B/hhvBAFDd+tE4VXDVBH7kWO23n1INgbZxKEc4t6Hb+FZyxue7 bfEkT55BNvuDm/u82hw7vtZqrwLhpPJrYMHB5xISFBIp9CidchYppzO8QoMkVlNB3S8S pYsTKFoVHlRWbnY95aeefa9e9ccCFUmI+Rv8HKq9KBneeOSlzvcgc8HvHtwj+3l6f1Ge 1X8WR/uWfQ8dborjfmN8L9eg3jgARlXnYzmvNQGnI8Fx0U5kjL7nG6WqvGnVWKSs1gpx 49uO8zSt/Zb49K9UK09V1GGiTFUIzkg+VywcnvNyptFwsKfOzkAU43o+Uu5UDa1oFIaC 3uqg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@canonical.com header.s=20210705 header.b=fp+qrwHv; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19]) by mx.google.com with ESMTPS id f70-20020a636a49000000b003aba3fc01ecsi863619pgc.441.2022.04.27.02.34.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 27 Apr 2022 02:34:48 -0700 (PDT) Received-SPF: softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19; Authentication-Results: mx.google.com; dkim=pass header.i=@canonical.com header.s=20210705 header.b=fp+qrwHv; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 8FA30265E36; Wed, 27 Apr 2022 02:14:26 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1354188AbiDZTLm (ORCPT + 99 others); Tue, 26 Apr 2022 15:11:42 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34700 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1354063AbiDZTKw (ORCPT ); Tue, 26 Apr 2022 15:10:52 -0400 Received: from smtp-relay-canonical-1.canonical.com (smtp-relay-canonical-1.canonical.com [185.125.188.121]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2E68D3B2BB; Tue, 26 Apr 2022 12:07:38 -0700 (PDT) Received: from [192.168.192.153] (unknown [50.126.114.69]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by smtp-relay-canonical-1.canonical.com (Postfix) with ESMTPSA id 82A363FD0A; Tue, 26 Apr 2022 19:07:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1651000056; bh=HPxmSK5Le3qsa+l2VTTCM7colhsO1wQuYMTZrz1Rts0=; h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From: In-Reply-To:Content-Type; b=fp+qrwHvrE1agHdpm/r8T9Eh9E2o+3NHdX1otpm/RkbLBI4gjnphrOdLeRrlSm7SG za1js7pN5n9ZzLUfH67vmUVuxs95XN4q3isEXG6K/x/oAbghjkih13QflnB4Xr6UA8 MgfJLvPJ4OAEBxuKruw3vtRoriPHGlcVePWt9TjrNH40TCFX+a+X6KHvb0qD2hJove a+WdFFliafhGMl8WWlBEFqEq56Tg+D6uTp3Ad8FTlz8RKnPrXdTwSOBKTZ2engG2I5 OgQOZScgbD+xyfT2Q9FQlKEpSlBU7gWNqL55NRRiUlOumLbNa1C1vB80hEyXXpzZgi 7KEOjgAdRk+lQ== Message-ID: <4b21a4f0-4b53-2fee-4ea0-c21b95279b1d@canonical.com> Date: Tue, 26 Apr 2022 12:07:33 -0700 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.7.0 Subject: Re: [PATCH v35 26/29] Audit: Add record for multiple task security contexts Content-Language: en-US To: Paul Moore Cc: Casey Schaufler , casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, linux-audit@redhat.com, keescook@chromium.org, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org References: <20220418145945.38797-1-casey@schaufler-ca.com> <20220418145945.38797-27-casey@schaufler-ca.com> From: John Johansen Organization: Canonical In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,NICE_REPLY_A,RDNS_NONE,SPF_HELO_NONE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 4/26/22 11:15, Paul Moore wrote: > On Mon, Apr 25, 2022 at 9:08 PM John Johansen > wrote: >> On 4/18/22 07:59, Casey Schaufler wrote: >>> Create a new audit record AUDIT_MAC_TASK_CONTEXTS. >>> An example of the MAC_TASK_CONTEXTS (1420) record is: >>> >>> type=MAC_TASK_CONTEXTS[1420] >>> msg=audit(1600880931.832:113) >>> subj_apparmor=unconfined >>> subj_smack=_ >>> >>> When an audit event includes a AUDIT_MAC_TASK_CONTEXTS record >>> the "subj=" field in other records in the event will be "subj=?". >>> An AUDIT_MAC_TASK_CONTEXTS record is supplied when the system has >>> multiple security modules that may make access decisions based >>> on a subject security context. >>> >>> Functions are created to manage the skb list in the audit_buffer. >>> >>> Signed-off-by: Casey Schaufler >> >> Besides moving the aux fns, and the whining below >> Reviewed-by: John Johansen > > ... > >>> diff --git a/kernel/audit.c b/kernel/audit.c >>> index 4d44c05053b0..8ed2d717c217 100644 >>> --- a/kernel/audit.c >>> +++ b/kernel/audit.c >>> @@ -2185,16 +2238,44 @@ int audit_log_task_context(struct audit_buffer *ab) >>> if (!lsmblob_is_set(&blob)) >>> return 0; >>> >>> - error = security_secid_to_secctx(&blob, &context, LSMBLOB_FIRST); >>> + if (!lsm_multiple_contexts()) { >>> + error = security_secid_to_secctx(&blob, &context, >>> + LSMBLOB_FIRST); >>> + if (error) { >>> + if (error != -EINVAL) >>> + goto error_path; >>> + return 0; >>> + } >>> >>> - if (error) { >>> - if (error != -EINVAL) >>> + audit_log_format(ab, " subj=%s", context.context); >>> + security_release_secctx(&context); >>> + } else { >>> + /* Multiple LSMs provide contexts. Include an aux record. */ >>> + audit_log_format(ab, " subj=?"); >> >> just me whining, you sure we can't just drop subj= here > > Have I recently given you my "the audit code is crap" speech? ;) > hehehe, I get it, something about glass houses and stones. the whole newline mess in path 28/29 that I would dearly love to drop. > I more or less answered this with my comments on the earlier patch, > but we need to keep this around for compatibility. It will get better > in the future. >