Received: by 2002:a05:6358:489b:b0:bb:da1:e618 with SMTP id x27csp1167374rwn; Thu, 8 Sep 2022 14:45:40 -0700 (PDT) X-Google-Smtp-Source: AA6agR6amMfdKHhVKOn1WndNO1GCrETAWd3b9n8AW37hNp80vo48kQ0cylF/1mGk/F0f6zf7i83V X-Received: by 2002:a2e:be05:0:b0:25f:d8fb:afbc with SMTP id z5-20020a2ebe05000000b0025fd8fbafbcmr3245082ljq.369.1662673540559; Thu, 08 Sep 2022 14:45:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1662673540; cv=none; d=google.com; s=arc-20160816; b=rux0fQv06GZikFFaqVQQ11RNGrTZ5Un8620QgM2PCM4DACsN4wy+cM80hkgut/Mwyy rgUruXTjJ+9Z07s2IEcmgfjFuaI7QityXrIWv2HA2CKzLBCCJS/Frp/bcL/Ka63G7fFa QFICJ3lrGeG4oswyr24S0NW7qm2AJMYyOkb1PW4/C5mUWA5XGeVmsB4/hbtF9+kx7vhr 03fGHg3jv2/gULUNYlpnAwBF+9vLBDr8jnP9syG2YdlVh671cJOpIAVi9MiyCsb46gk8 XZUMeBeRjLxL8RakMBIxShmcYKBZE1LPsNt3mKg0pyLUUx1tcygoq17xhTiCWPclc+DE IK2g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=xePKdUHPsf4upeyYZ51sX7aStCsuTX+3DuKXGbieyQw=; b=AeuI8t4g6ZzURZXtUvjfqJFphMMqC92R39+1aMOtPL4l/i4QtaYtnLgSKdD/S5Oc1c oyTCMRnGMHHuLPfFYyqGqFTX8y/RItOHlupF8uPUBIBxcQF3CTELO0igb0rSi2cAIhWK ee8H0f2zP8qSyjtLecZqTHY/o0+54WPeJ8AnTDjM7HkVrQCrdP3QGsrTr/eTPyP/gMfE rPPB40W7BJ5875PLW4e1tUvbjyPfC/FR4W8hKmbEHVNlF4S8Tq5i1mApSH+TM5E6hvBf i4LTFcjNzswBqOkekQjAqOOpNa0KaKshcJyZMTvdUpuoAwztWd1wPyoHtE8O1k3S0kYQ vO5w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@paul-moore-com.20210112.gappssmtp.com header.s=20210112 header.b=Lj8WjuWf; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id bj20-20020a2eaa94000000b0026be0ce67a3si371933ljb.197.2022.09.08.14.45.11; Thu, 08 Sep 2022 14:45:40 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@paul-moore-com.20210112.gappssmtp.com header.s=20210112 header.b=Lj8WjuWf; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229559AbiIHVWa (ORCPT + 99 others); Thu, 8 Sep 2022 17:22:30 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50090 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229437AbiIHVW2 (ORCPT ); Thu, 8 Sep 2022 17:22:28 -0400 Received: from mail-oa1-x2a.google.com (mail-oa1-x2a.google.com [IPv6:2001:4860:4864:20::2a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1E971B089F for ; Thu, 8 Sep 2022 14:22:27 -0700 (PDT) Received: by mail-oa1-x2a.google.com with SMTP id 586e51a60fabf-11eab59db71so47782736fac.11 for ; Thu, 08 Sep 2022 14:22:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore-com.20210112.gappssmtp.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date; bh=xePKdUHPsf4upeyYZ51sX7aStCsuTX+3DuKXGbieyQw=; b=Lj8WjuWf9DDGY9mvU1OdHIaHs5A4zEnBdc7SN1cf+V2ALsGGzCSXfq+28WJO1Al1sf WqcWk0JDF2NUY00xUDcOM2CCHZ2SemS1LDrarOBqNt/uldoLvVZG/xmJ9lOAnj/xuokM YOwgCQz5DiiZoN18IA5gWVw5Q5ssWx7EVwJvJr4yDsrqLTHtSrqDcGUycf43p3oOUpdu wMxijzxxj1+pLaXPAW/KTDqLdx2Cr3w1K5YByW9xNxtgY3bAnb/dDnlolU7cQcpWVCgb 6p+Hz4+PgycZGuiI9k/FuOdyi9m2An5MeYdOeEwBLFKD1BrMLMaJ7EIasnI7csJqefCM wVgA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date; bh=xePKdUHPsf4upeyYZ51sX7aStCsuTX+3DuKXGbieyQw=; b=Z7k4FjNBlFUuLlOOQw0eVix7lTI2h1/jLV1PqGohI0O8jbQKiZHjUq6QIK7vbWpFii CdnI9/vL+1JZ3RDyXF/2ybL4oUaXiPpSWmVEACdq7KIp3X/ZR+mNibgVUTv5YZrDW1Ud HzJICO7uAS9+no2hxflL/xBnuzdEDdpOkgF4+dbpN5As5kEuAg3BX1TsClIqoQd2NY1P wP1cSv1aPRCypILDfl4OwpJf6WoF+EV0GGuyGqDtGvqm9bxwZTSuLwoAt4clTZuIsJ53 YFDVoSlkIxjH4Rlolnna+VqIbeMH6cFWP7QXbneOCj2VktpbKQZPi9egJj99pDSu+MKz bnEw== X-Gm-Message-State: ACgBeo1tkgCWOwCtUZpLWYasiog1Hb2Qd78gNdLpaoiDsXrEnPctFydc D4nUP/PdmX6X0ODFRBBOR9c+7mD2WMQjgpJkHNNU X-Received: by 2002:a05:6870:5808:b0:128:afd5:491f with SMTP id r8-20020a056870580800b00128afd5491fmr3189028oap.136.1662672146444; Thu, 08 Sep 2022 14:22:26 -0700 (PDT) MIME-Version: 1.0 References: <4753948.GXAFRqVoOG@x2> <2603742.X9hSmTKtgW@x2> In-Reply-To: <2603742.X9hSmTKtgW@x2> From: Paul Moore Date: Thu, 8 Sep 2022 17:22:15 -0400 Message-ID: Subject: Re: [PATCH v4 3/4] fanotify,audit: Allow audit to use the full permission event response To: Steve Grubb Cc: Richard Guy Briggs , Jan Kara , Linux-Audit Mailing List , LKML , linux-fsdevel@vger.kernel.org, Eric Paris , Amir Goldstein Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_NONE, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Sep 8, 2022 at 5:14 PM Steve Grubb wrote: > On Wednesday, September 7, 2022 4:23:49 PM EDT Paul Moore wrote: > > On Wed, Sep 7, 2022 at 4:11 PM Steve Grubb wrote: > > > On Wednesday, September 7, 2022 2:43:54 PM EDT Richard Guy Briggs wrote: > > > > > > Ultimately I guess I'll leave it upto audit subsystem what it wants > > > > > > to > > > > > > have in its struct fanotify_response_info_audit_rule because for > > > > > > fanotify subsystem, it is just an opaque blob it is passing. > > > > > > > > > > In that case, let's stick with leveraging the type/len fields in the > > > > > fanotify_response_info_header struct, that should give us all the > > > > > flexibility we need. > > > > > > > > > > Richard and Steve, it sounds like Steve is already aware of > > > > > additional > > > > > information that he wants to send via the > > > > > fanotify_response_info_audit_rule struct, please include that in the > > > > > next revision of this patchset. I don't want to get this merged and > > > > > then soon after have to hack in additional info. > > > > > > > > Steve, please define the type and name of this additional field. > > > > > > Maybe extra_data, app_data, or extra_info. Something generic that can be > > > reused by any application. Default to 0 if not present. > > > > I think the point is being missed ... The idea is to not speculate on > > additional fields, as discussed we have ways to handle that, the issue > > was that Steve implied that he already had ideas for "things" he > > wanted to add. If there are "things" that need to be added, let's do > > that now, however if there is just speculation that maybe someday we > > might need to add something else we can leave that until later. > > This is not speculation. I know what I want to put there. I know you want to > pin it down to exactly what it is. However, when this started a couple years > back, one of the concerns was that we're building something specific to 1 user > of fanotify. And that it would be better for all future users to have a > generic facility that everyone could use if they wanted to. That's why I'm > suggesting something generic, its so this is not special purpose that doesn't > fit any other use case. Well, we are talking specifically about fanotify in this thread and dealing with data structures that are specific to fanotify. I can understand wanting to future proof things, but based on what we've seen in this thread I think we are all set in this regard. You mention that you know what you want to put in the struct, why not share the details with all of us so we are all on the same page and can have a proper discussion. -- paul-moore.com