Received: by 2002:a05:7412:a986:b0:f9:90c9:de9f with SMTP id o6csp29550rdh;
        Wed, 20 Dec 2023 13:24:19 -0800 (PST)
X-Google-Smtp-Source: AGHT+IF4GyZEjTXf9hC2c44TfjreTKUFR/T5VUnaqILtOTLMCg4USg7ox2sNqnGFwluwpI+SVFnR
X-Received: by 2002:aa7:8753:0:b0:6d9:366a:7836 with SMTP id g19-20020aa78753000000b006d9366a7836mr2507167pfo.56.1703107459637;
        Wed, 20 Dec 2023 13:24:19 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1703107459; cv=none;
        d=google.com; s=arc-20160816;
        b=wWKBku7zYNzdqR3uPUdogKFUfYSxBWJN2qdXbZrRH/hhT2EYBbcNQQc63SoPi1p1ka
         5vfSGeDlH9dDSqgv4xyoaF9hq1uF+OdOGsrYS+OBRSzw6hYQt//H9oyOg9JGNUT/A45T
         +PwoCpSxswRSPe82HpfNXVJDYen2SieoaJJKw4JZieYBriKcEXsi8EvcqXaZ4Hybd5gl
         T7Zb2+SzEosq6lrZ7T2U4PLyYMmj0q1malTJERcOq6Ow3s/CQVn38hYlAOfgBmwzbPKa
         bOzLLynN3FqTHk1KeOmLpDGlUZedDWOo3A6RczWt5bqLkSkXwoKeO6CS7TDCrN/4WBml
         3dHA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:list-unsubscribe:list-subscribe
         :list-id:precedence:dkim-signature;
        bh=gTTb74YZRwuPY0HwKU3wIMO0x9pEEF2I6OsPvxwt2rg=;
        fh=0Iq/gUEH1U7Gs+WIOBr668/Eci0z9BgD0RKfLYHYz38=;
        b=xdV0H4VlTanSOFyaoL8KTogryOwZEKjdmC6igNNxF10hxZTq4sIIT6faP1CLenyOjw
         x6dtgJdN1050BMa4vz4t0jK3AdAYAsHNATZ/JfwR00A/SjbOVl3bULTi94/tbcCBf5cT
         +1654R1qbzZpoJiYgRnDNMabcj/ub5QIy1aqa7yDXZTQDIVrCtRYDg/dyJk/e9noE1kD
         WX3WIfl4ZjQCACu+3430wMiDx75qagS+ySmuLuFCqCydt3+Ddg3EV7cSj2RpikHobszg
         eVj0lTjcMtabLfZrajGR+V/kKdMlwIiZkiFspei/yjJsqcB0Vs1RttF5GffjVrNr1tdm
         Ck3g==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@paul-moore.com header.s=google header.b="YCWS/2/c";
       spf=pass (google.com: domain of linux-kernel+bounces-7447-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-7447-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=paul-moore.com
Return-Path: <linux-kernel+bounces-7447-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1])
        by mx.google.com with ESMTPS id a5-20020a656405000000b005cd8710c3a2si340712pgv.259.2023.12.20.13.24.19
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 20 Dec 2023 13:24:19 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-7447-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@paul-moore.com header.s=google header.b="YCWS/2/c";
       spf=pass (google.com: domain of linux-kernel+bounces-7447-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-7447-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=paul-moore.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sy.mirrors.kernel.org (Postfix) with ESMTPS id 04DADB2501F
	for <linux.lists.archive@gmail.com>; Wed, 20 Dec 2023 21:23:07 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 2F633498BF;
	Wed, 20 Dec 2023 21:22:36 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=paul-moore.com header.i=@paul-moore.com header.b="YCWS/2/c"
X-Original-To: linux-kernel@vger.kernel.org
Received: from mail-yb1-f178.google.com (mail-yb1-f178.google.com [209.85.219.178])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1A714495EA
	for <linux-kernel@vger.kernel.org>; Wed, 20 Dec 2023 21:22:33 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=paul-moore.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=paul-moore.com
Received: by mail-yb1-f178.google.com with SMTP id 3f1490d57ef6-dbdc2a6f030so41685276.3
        for <linux-kernel@vger.kernel.org>; Wed, 20 Dec 2023 13:22:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=paul-moore.com; s=google; t=1703107353; x=1703712153; darn=vger.kernel.org;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=gTTb74YZRwuPY0HwKU3wIMO0x9pEEF2I6OsPvxwt2rg=;
        b=YCWS/2/cOlOIeYRpZqMz4wsPg0J+7OKKBnQXxyEA7M4avApYQfqgrcesL985sIq2HL
         Ny+znct3K0292dpWr4bQcmIOUnOtA1ESUGtL11TW3RswWH2bH+lx5eJYcoYU2tyYZ+iB
         w10/p0bqYDNmSxUmeVzeeROSbzB9n4nt5bulF8NuJWbbeIRMQpV7i3g/GuMAK455f9JM
         fpTihHyaMPcY45y9UQG5/72hHmWV7pjpzwKQP6XuC9+WrGznNIhyElATct6I4XrmQEa/
         7sgoeEc2kONQFYgWE3DnqPpV2h44L2rMRyEJ44JhFuOtWeHHrq6PFaK5YhYGVV62Wkyi
         kf/Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1703107353; x=1703712153;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=gTTb74YZRwuPY0HwKU3wIMO0x9pEEF2I6OsPvxwt2rg=;
        b=StPq3M2vH/q704auDjuQMvQ2gF4RAu0Wt9eRfn7G8/jVQEP4KQpqaOJRAYRzllu7vT
         4uiYTBXl3AbFwIDJ6IG3ZGjWKNoe+3j47RoWn09rhCfaAulZh4uciWUEryBPKt/IRF8o
         xdH6+psQJ6+m2vUSqtu3wMWQ/YbOlb/gfw+DrjBTOPHX0WBvhTG918k7n83Ok9LSUshL
         MjNUuXxXP4PNulDF96fr6N2JfG5jg/RNKcuXE3lPEK+X+L2Z1KlXsjRMqbpdjYsgZCwc
         mFA3X9tXuAc3yJpn50t6FmxIaMPPRKg+c7+GYx4T+3SJuyVG9icI6ZSexSLcZmuaZ+PA
         IXAw==
X-Gm-Message-State: AOJu0YzU8yawL4gp5WLXLjoy+g0lqH2da9AHXcTZ8uilmzOAEJ8E7yTf
	5kYwdavwvrF0ZlmZ4LicnCKBbQqudQ7gVUFgLXx1
X-Received: by 2002:a25:ad4a:0:b0:dbd:7383:d155 with SMTP id
 l10-20020a25ad4a000000b00dbd7383d155mr461235ybe.0.1703107352983; Wed, 20 Dec
 2023 13:22:32 -0800 (PST)
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
References: <20230921061641.273654-1-mic@digikod.net> <20230921061641.273654-5-mic@digikod.net>
In-Reply-To: <20230921061641.273654-5-mic@digikod.net>
From: Paul Moore <paul@paul-moore.com>
Date: Wed, 20 Dec 2023 16:22:22 -0500
Message-ID: <CAHC9VhQ3fqq6bP=eco1hk=AoMa=5QNyXHCzNw5RZt92y9Z7T2g@mail.gmail.com>
Subject: Re: [RFC PATCH v1 4/7] landlock: Log domain creation and enforcement
To: =?UTF-8?B?TWlja2HDq2wgU2FsYcO8bg==?= <mic@digikod.net>
Cc: Eric Paris <eparis@redhat.com>, James Morris <jmorris@namei.org>, 
	"Serge E . Hallyn" <serge@hallyn.com>, Ben Scarlato <akhna@google.com>, 
	=?UTF-8?Q?G=C3=BCnther_Noack?= <gnoack@google.com>, 
	Jeff Xu <jeffxu@google.com>, Jorge Lucangeli Obes <jorgelo@google.com>, 
	Konstantin Meskhidze <konstantin.meskhidze@huawei.com>, Shervin Oloumi <enlightened@google.com>, 
	audit@vger.kernel.org, linux-kernel@vger.kernel.org, 
	linux-security-module@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Thu, Sep 21, 2023 at 2:17=E2=80=AFAM Micka=C3=ABl Sala=C3=BCn <mic@digik=
od.net> wrote:
>
> Add audit support for domain creation, i.e. task self-restriction.
>
> Signed-off-by: Micka=C3=ABl Sala=C3=BCn <mic@digikod.net>
> ---
>  security/landlock/audit.c    | 24 ++++++++++++++++++++++++
>  security/landlock/audit.h    |  8 ++++++++
>  security/landlock/syscalls.c |  4 ++++
>  3 files changed, 36 insertions(+)
>
> diff --git a/security/landlock/audit.c b/security/landlock/audit.c
> index f58bd529784a..d9589d07e126 100644
> --- a/security/landlock/audit.c
> +++ b/security/landlock/audit.c
> @@ -84,6 +84,30 @@ void landlock_log_create_ruleset(struct landlock_rules=
et *const ruleset)
>         audit_log_end(ab);
>  }
>
> +void landlock_log_restrict_self(struct landlock_ruleset *const domain,
> +                               struct landlock_ruleset *const ruleset)
> +{
> +       struct audit_buffer *ab;
> +
> +       WARN_ON_ONCE(domain->id);
> +       WARN_ON_ONCE(!ruleset->id);
> +
> +       ab =3D audit_log_start(audit_context(), GFP_ATOMIC, AUDIT_LANDLOC=
K);
> +       if (!ab)
> +               /* audit_log_lost() call */
> +               return;
> +
> +       domain->hierarchy->id =3D
> +               atomic64_inc_return(&ruleset_and_domain_counter);
> +       log_task(ab);
> +       audit_log_format(ab, " op=3Drestrict-self domain=3D%llu ruleset=
=3D%llu",
> +                        domain->hierarchy->id, ruleset->id);

If domain creation and self restriction are the same, I would suggest
going with "op=3Dcreate-domain" so it better matches "op=3Drelease-domain"
in patch 3/7.

Also see my previous comment about consistency between AUDIT_LANDLOCK recor=
ds.

> +       audit_log_format(
> +               ab, " parent=3D%llu",
> +               domain->hierarchy->parent ? domain->hierarchy->parent->id=
 : 0);
> +       audit_log_end(ab);
> +}

--
paul-moore.com