From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-14.0 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI, MENTIONS_GIT_HOSTING,SIGNED_OFF_BY,SPF_PASS,URIBL_BLOCKED,USER_AGENT_NEOMUTT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id BEF1FC43387 for ; Thu, 3 Jan 2019 20:38:40 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 7AEF521479 for ; Thu, 3 Jan 2019 20:38:40 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726347AbfACUij (ORCPT ); Thu, 3 Jan 2019 15:38:39 -0500 Received: from mx1.redhat.com ([209.132.183.28]:41008 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725996AbfACUij (ORCPT ); Thu, 3 Jan 2019 15:38:39 -0500 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 07D907EBCB; Thu, 3 Jan 2019 20:38:38 +0000 (UTC) Received: from madcap2.tricolour.ca (ovpn-112-10.phx2.redhat.com [10.3.112.10]) by smtp.corp.redhat.com (Postfix) with ESMTPS id DDCBC5D9D1; Thu, 3 Jan 2019 20:38:21 +0000 (UTC) Date: Thu, 3 Jan 2019 15:38:19 -0500 From: Richard Guy Briggs To: Paul Moore Cc: containers@lists.linux-foundation.org, linux-api@vger.kernel.org, linux-audit@redhat.com, linux-kernel@vger.kernel.org, ebiederm@xmission.com, luto@kernel.org, dhowells@redhat.com, viro@zeniv.linux.org.uk, simo@redhat.com, Eric Paris , Serge Hallyn Subject: Re: [PATCH ghak90 (was ghak32) V4 01/10] audit: collect audit task parameters Message-ID: <20190103203819.4qhtkq3ffao5brv3@madcap2.tricolour.ca> References: <8e617ab568df28a66dfbe3284452de186b42fb0f.1533065887.git.rgb@redhat.com> <20181101220724.ggkqyf5kjv7lhabx@madcap2.tricolour.ca> <20190103202938.ntdfqdmyrr7stzh2@madcap2.tricolour.ca> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: NeoMutt/20180716 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.27]); Thu, 03 Jan 2019 20:38:38 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2019-01-03 15:33, Paul Moore wrote: > On Thu, Jan 3, 2019 at 3:29 PM Richard Guy Briggs wrote: > > I'm not sure what's going on here, but it looks like HTML-encoded reply > > quoting making the quoted text very difficult to read. All the previous > > ">" have been converted to the HTML ">" encoding. Your most recent > > reply text looks mostly fine. > > Not sure what happened either, I suspect gmail did something odd when > I saved them as drafts, but it has never done that before. FWIW, I > generally batch up individual review comments for complex patchsets as > one often needs to review the entire set first before commenting. > > The most recent reply to patch 0/10 wasn't saved as a draft before sending. Yeah, I noticed the last one was fine and wondered why it was different. /me <3 mutt... > > On 2019-01-03 15:10, Paul Moore wrote: > > > On Thu, Nov 1, 2018 at 6:07 PM Richard Guy Briggs wrote: > > > > On 2018-10-19 19:15, Paul Moore wrote: > > > > > On Sun, Aug 5, 2018 at 4:32 AM Richard Guy Briggs > > > wrote: > > > > > > The audit-related parameters in struct task_struct > > > should ideally be > > > > > > collected together and accessed through a standard audit API. > > > > > > > > > > > > Collect the existing loginuid, sessionid and > > > audit_context together in a > > > > > > new struct audit_task_info called "audit" in struct task_struct. > > > > > > > > > > > > Use kmem_cache to manage this pool of memory. > > > > > > Un-inline audit_free() to be able to always recover that memory. > > > > > > > > > > > > See: https://github.com/linux-audit/audit-kernel/issues/81 > > > > > > > > > > > > Signed-off-by: Richard Guy Briggs > > > > > > --- > > > > > > include/linux/audit.h | 34 ++++++++++++++++++++++++---------- > > > > > > include/linux/sched.h | 5 +---- > > > > > > init/init_task.c | 3 +-- > > > > > > init/main.c | 2 ++ > > > > > > kernel/auditsc.c | 51 > > > ++++++++++++++++++++++++++++++++++++++++++--------- > > > > > > kernel/fork.c | 4 +++- > > > > > > 6 files changed, 73 insertions(+), 26 deletions(-) > > > > > > > > > > ... > > > > > > > > > > > diff --git a/include/linux/sched.h b/include/linux/sched.h > > > > > > index 87bf02d..e117272 100644 > > > > > > --- a/include/linux/sched.h > > > > > > +++ b/include/linux/sched.h > > > > > > @@ -873,10 +872,8 @@ struct task_struct { > > > > > > > > > > > > struct callback_head *task_works; > > > > > > > > > > > > - struct audit_context *audit_context; > > > > > > #ifdef CONFIG_AUDITSYSCALL > > > > > > - kuid_t loginuid; > > > > > > - unsigned int sessionid; > > > > > > + struct audit_task_info *audit; > > > > > > #endif > > > > > > struct seccomp seccomp; > > > > > > > > > > Prior to this patch audit_context was available regardless of > > > > > CONFIG_AUDITSYSCALL, after this patch the corresponding audit_context > > > > > is only available when CONFIG_AUDITSYSCALL is defined. > > > > > > > > This was intentional since audit_context is not used when AUDITSYSCALL is > > > > disabled. audit_alloc() was stubbed in that case to return 0. > > > audit_context() > > > > returned NULL. > > > > > > > > The fact that audit_context was still present in struct task_struct was an > > > > oversight in the two patches already accepted: > > > > ("audit: use inline function to get audit context") > > > > ("audit: use inline function to get audit context") > > > > that failed to hide or remove it from struct task_struct when it > > > was no longer > > > > relevant. > > > > > > Okay, in that case let's pull this out and fix this separately from > > > the audit container ID patchset. > > > > > > > On further digging, loginuid and sessionid (and > > > audit_log_session_info) should > > > > be part of CONFIG_AUDIT scope and not CONFIG_AUDITSYSCALL since > > > it is used in > > > > CONFIG_CHANGE, ANOM_LINK, FEATURE_CHANGE(, INTEGRITY_RULE), none > > > of which are > > > > otherwise dependent on AUDITSYSCALL. > > > > > > This looks like something else we should fix independently from this patchset. > > > > > > > Looking ahead, contid should be treated like loginuid and > > > sessionid, which are > > > > currently only available when syscall auditting is. > > > > > > That seems reasonable. Eventually it would be great if we got rid of > > > CONFIG_AUDITSYSCALL, but that is a separate issue, and something that > > > is going to require work from the different arch/ABI folks to ensure > > > everything is working properly. > > > > > > > Converting records from standalone to syscall and checking > > > audit_dummy_context > > > > changes the nature of CONFIG_AUDIT/!CONFIG_AUDITSYSCALL separation. > > > > eg: ANOM_LINK accompanied by PATH record (which needed CWD addition to be > > > > complete anyways) > > > > > > > > > > diff --git a/init/main.c b/init/main.c > > > > > > index 3b4ada1..6aba171 100644 > > > > > > --- a/init/main.c > > > > > > +++ b/init/main.c > > > > > > @@ -92,6 +92,7 @@ > > > > > > #include > > > > > > #include > > > > > > #include > > > > > > +#include > > > > > > > > > > > > #include > > > > > > #include > > > > > > @@ -721,6 +722,7 @@ asmlinkage __visible void __init > > > start_kernel(void) > > > > > > nsfs_init(); > > > > > > cpuset_init(); > > > > > > cgroup_init(); > > > > > > + audit_task_init(); > > > > > > taskstats_init_early(); > > > > > > delayacct_init(); > > > > > > > > > > It seems like we would need either init_struct_audit or > > > > > audit_task_init(), but not both, yes? > > > > > > > > One sets initial values of init task via an included struct, > > > other makes a call > > > > to create the kmem cache. Both seem appropriate to me unless we move the > > > > initialization from a struct to assignments in audit_task_init(), > > > but I'm not > > > > that comfortable separating the audit init values from the rest of the > > > > task_struct init task initializers (though there are other > > > subsystems that need > > > > to do so dynamically). > > > > > > My original thinking was focused on the use of init_struct_audit as an > > > initializer when audit_task_init() was already creating a kmem_cache > > > pool and a zero'd/init'd audit_task_info could be obtained via the > > > usual kmem_cache functions. Alternatively, although I don't believe > > > it would be recommended for this case, would be to use > > > init_struct_audit as an init helper if we included the audit_task_info > > > struct directly in the task_struct, as opposed to a pointer. What I > > > missed was the simple fact that you're only using init_struct_audit > > > for the init_task, which pretty much makes my original question rather > > > silly :) > > > > > > -- > > > paul moore > > > www.paul-moore.com > > > > - RGB > > > > -- > > Richard Guy Briggs > > Sr. S/W Engineer, Kernel Security, Base Operating Systems > > Remote, Ottawa, Red Hat Canada > > IRC: rgb, SunRaycer > > Voice: +1.647.777.2635, Internal: (81) 32635 > > > > -- > paul moore > www.paul-moore.com - RGB -- Richard Guy Briggs Sr. S/W Engineer, Kernel Security, Base Operating Systems Remote, Ottawa, Red Hat Canada IRC: rgb, SunRaycer Voice: +1.647.777.2635, Internal: (81) 32635