From: Paul Moore
Date: Tue, 26 Apr 2022 14:15:23 -0400
Subject: Re: [PATCH v35 26/29] Audit: Add record for multiple task security contexts
To: John Johansen
Cc: Casey Schaufler, casey.schaufler@intel.com, jmorris@namei.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, linux-audit@redhat.com, keescook@chromium.org, penguin-kernel@i-love.sakura.ne.jp, stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org

On Mon, Apr 25, 2022 at 9:08 PM John Johansen wrote:
> On 4/18/22 07:59, Casey Schaufler wrote:
> > Create a new audit record AUDIT_MAC_TASK_CONTEXTS.
> > An example of the MAC_TASK_CONTEXTS (1420) record is:
> >
> > type=MAC_TASK_CONTEXTS[1420]
> > msg=audit(1600880931.832:113)
> > subj_apparmor=unconfined
> > subj_smack=_
> >
> > When an audit event includes an AUDIT_MAC_TASK_CONTEXTS record
> > the "subj=" field in other records in the event will be "subj=?".
> > An AUDIT_MAC_TASK_CONTEXTS record is supplied when the system has
> > multiple security modules that may make access decisions based
> > on a subject security context.
> >
> > Functions are created to manage the skb list in the audit_buffer.
> >
> > Signed-off-by: Casey Schaufler
>
> Besides moving the aux fns, and the whining below
> Reviewed-by: John Johansen

...

> > diff --git a/kernel/audit.c b/kernel/audit.c
> > index 4d44c05053b0..8ed2d717c217 100644
> > --- a/kernel/audit.c
> > +++ b/kernel/audit.c
> > @@ -2185,16 +2238,44 @@ int audit_log_task_context(struct audit_buffer *ab) > > if (!lsmblob_is_set(&blob)) > > return 0; > > > > - error = security_secid_to_secctx(&blob, &context, LSMBLOB_FIRST); > > + if (!lsm_multiple_contexts()) { > > + error = security_secid_to_secctx(&blob, &context, > > + LSMBLOB_FIRST); > > + if (error) { > > + if (error != -EINVAL) > > + goto error_path; > > + return 0; > > + } > > > > - if (error) { > > - if (error != -EINVAL) > > + audit_log_format(ab, " subj=%s", context.context); > > + security_release_secctx(&context); > > + } else { > > + /* Multiple LSMs provide contexts. Include an aux record. */ > > + audit_log_format(ab, " subj=?"); > > just me whining, you sure we can't just drop subj= here Have I recently given you my "the audit code is crap" speech? ;) I more or less answered this with my comments on the earlier patch, but we need to keep this around for compatibility. It will get better in the future. -- paul-moore.com
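Review bot: the else branch at the end of the hunk only writes " subj=?" and nothing in the visible lines emits the AUDIT_MAC_TASK_CONTEXTS record that the commit message and the comment "/* Multiple LSMs provide contexts. Include an aux record. */" promise; whatever generates the aux record later in the function should be coupled to this branch (for example by marking the audit_buffer here) so that "subj=?" can never reach userspace without its companion record, since a consumer that parses only "subj=" would otherwise be left with no subject context for the event. A one-line comment pointing at where the aux record is actually emitted would make that invariant visible at the place the "?" is written. Separately, the single-LSM path keeps the existing behaviour of treating -EINVAL from security_secid_to_secctx() as "no context, return 0" while every other error takes error_path; that asymmetry is pre-existing, but it is worth a comment since the new branch structure makes it easy to miss.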