From: Paul Moore <paul@paul-moore.com>
To: Jan Kara <jack@suse.cz>, Steve Grubb <sgrubb@redhat.com>
Cc: linux-fsdevel@vger.kernel.org, linux-audit@redhat.com,
Amir Goldstein <amir73il@gmail.com>
Subject: Re: [PATCH 2/3] fanotify: define bit map fields to hold response decision context
Date: Thu, 1 Oct 2020 16:33:33 -0400 [thread overview]
Message-ID: <CAHC9VhQoc+wXqyQ76bjjYKR+KhMaj7K_p8vEh1=nR_RPMvN2Ww@mail.gmail.com> (raw)
In-Reply-To: <20201001102419.GF17860@quack2.suse.cz>
On Thu, Oct 1, 2020 at 6:24 AM Jan Kara <jack@suse.cz> wrote:
> On Thu 01-10-20 12:12:19, Jan Kara wrote:
> > On Wed 30-09-20 12:12:28, Steve Grubb wrote:
> > > This patch defines 2 bit maps within the response variable returned from
Please use "bitmaps" instead of "bit maps".
> > So how likely do you find other context types are or that you'd need to
> > further expand the information passed from userspace? Because if there are
> > decent changes the expansion will be needed then I'd rather do something
> > like:
> >
> > struct fanotify_response {
> > __s32 fd;
> > __u16 response;
> > __u16 extra_info_type;
> > };
> >
> > which is also backwards compatible and then userspace can set extra_info_type
> > and based on the type we'd know how much more bytes we need to copy from
> > buf to get additional information for that info type.
> >
> > This is much more flexible than what you propose and not that complex to
> > implement, you get type safety for extra information and don't need to use
> > macros to cram everything in u32 etc. Overall cleaner interface I'd say.
Yes, much cleaner. Stealing bits from an integer is one of those
things you do as a last resort when you can't properly change an API.
Considering that APIs always tend to grow and hardly ever shrink, I
would much prefer Jan's suggestion.
> Now I realized we need to propagate the extra information through fanotify
> permission event to audit - that can be also done relatively easily. Just
> add '__u16 extra_info_type' to fanotify_perm_event and 'char
> extra_info_buf[FANOTIFY_MAX_RESPONSE_EXTRA_LEN]' for now for the data. If
> we ever grow larger extra info structures, we can always change this to
> dynamic allocation but that will be only internal fanotify change,
> userspace facing API can stay the same.
That fanotify/audit interface doesn't bother me as much since that is
internal and we can modify that as needed; the userspace/kernel
fanotify API and the audit record are the important things to focus
on.
Simply recording the "extra_info_type" integer and dumping the
"extra_info" as a hex encoded bitstring in the audit record is
probably the most future proof solution, but I'm not sure what Steve's
tooling would want from such a record. It also seems to be in the
spirit of Steve's 3/3 patch.
--
paul moore
www.paul-moore.com
--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
prev parent reply other threads:[~2020-10-01 20:35 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-30 16:12 [PATCH 2/3] fanotify: define bit map fields to hold response decision context Steve Grubb
2020-10-01 10:12 ` Jan Kara
2020-10-01 10:24 ` Jan Kara
2020-10-01 20:33 ` Paul Moore [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAHC9VhQoc+wXqyQ76bjjYKR+KhMaj7K_p8vEh1=nR_RPMvN2Ww@mail.gmail.com' \
--to=paul@paul-moore.com \
--cc=amir73il@gmail.com \
--cc=jack@suse.cz \
--cc=linux-audit@redhat.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=sgrubb@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).