Date: Mon, 23 Nov 2020 08:41:57 +0100
From: Christian Brauner
To: Paul Moore
Cc: Alexander Viro, Christoph Hellwig, linux-fsdevel@vger.kernel.org, John Johansen, James Morris, Mimi Zohar, Dmitry Kasatkin, Stephen Smalley, Casey Schaufler, Arnd Bergmann, Andreas Dilger, OGAWA Hirofumi, Geoffrey Thomas, Mrunal Patel, Josh Triplett, Andy Lutomirski, Theodore Tso, Alban Crequy, Tycho Andersen, David Howells, James Bottomley, Jann Horn, Seth Forshee, Stéphane Graber, Aleksa Sarai, Lennart Poettering, "Eric W. Biederman", smbarber@chromium.org, Phil Estes, Serge Hallyn, Kees Cook, Todd Kjos, Jonathan Corbet, containers@lists.linux-foundation.org, linux-security-module@vger.kernel.org, linux-api@vger.kernel.org, linux-ext4@vger.kernel.org, linux-audit@redhat.com, linux-integrity@vger.kernel.org, selinux@vger.kernel.org
Subject: Re: [PATCH v2 31/39] audit: handle idmapped mounts
Message-ID: <20201123074157.fqus6fgtcytydp2c@wittgenstein>
References: <20201115103718.298186-1-christian.brauner@ubuntu.com> <20201115103718.298186-32-christian.brauner@ubuntu.com>
X-Mailing-List: linux-ext4@vger.kernel.org

On Sun, Nov 22, 2020 at 05:17:39PM -0500, Paul Moore wrote:
> On Sun, Nov 15, 2020 at 5:43 AM Christian Brauner wrote:
> >
> > Audit will sometimes log the inode's i_uid and i_gid. Enable audit to log the
> > mapped inode when it is accessed from an idmapped mount.
>
> I mentioned this in an earlier patch in this patchset, but it is worth

I did not receive that message.

> repeating here: audit currently records information in the context of
> the initial/host namespace and I believe it should probably stay that
> way until the rest of the namespace smarts that Richard is working on

Ah, that's good to know and makes the patchset simpler so I'm all for
it.

Christian