All of lore.kernel.org
 help / color / mirror / Atom feed
From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: Paul Moore <paul@paul-moore.com>
Cc: Stefan Berger <stefanb@linux.vnet.ibm.com>,
	linux-integrity@vger.kernel.org, linux-audit@redhat.com,
	sgrubb@redhat.com, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v3 4/4] ima: Differentiate auditing policy rules from "audit" actions
Date: Wed, 06 Jun 2018 10:52:23 -0400	[thread overview]
Message-ID: <1528296743.3255.29.camel@linux.vnet.ibm.com> (raw)
In-Reply-To: <CAHC9VhSbdYOkcszy+emgPNWWtUc0LoWy8pPvov+qjubV7b_EjQ@mail.gmail.com>

On Tue, 2018-06-05 at 18:18 -0400, Paul Moore wrote:
> On Tue, Jun 5, 2018 at 10:15 AM, Mimi Zohar <zohar@linux.vnet.ibm.com> wrote:
> > Hi Paul,
> >
> > On Mon, 2018-06-04 at 20:21 -0400, Paul Moore wrote:
> >> On Mon, Jun 4, 2018 at 4:54 PM, Stefan Berger
> >> <stefanb@linux.vnet.ibm.com> wrote:
> >> > The AUDIT_INTEGRITY_RULE is used for auditing IMA policy rules and
> >> > the IMA "audit" policy action.  This patch defines
> >> > AUDIT_INTEGRITY_POLICY_RULE to reflect the IMA policy rules.
> >> >
> >> > Since we defined a new message type we can now also pass the
> >> > audit_context and get an associated SYSCALL record. This now produces
> >> > the following records when parsing IMA policy's rules:
> >>
> >> Aaand now I see you included the current->audit_context pointer I
> >> mentioned in my comments for 3/4 ;)
> >>
> >> So basically this should be fine, although I should point out that you
> >> do not need to define a new message type to associate records
> >> together.  The fact that we don't associate all connected records is
> >> basically a bug.
> >>
> >> Anyway, patches 3/4 and 4/4 look good to me.  Considering this is
> >> likely going in during the *next* merge window, I would ask that you
> >> convert from "current->audit_context" to "audit_context()" as soon as
> >> this merge window closes.
> >>
> >> Thanks!
> >
> > Thanks, Paul.  I'd like to start queueing patches for the next open
> > window now, instead of scrambling later.  Can I add your Ack now, and
> > remember to make this change when rebasing?
> 
> Sure, go ahead and add my ACK to both 3/4 and 4/4 as long as you
> double pinky swear you'll do the audit_context() fix-up during the
> merge :)
> 
> Acked-by: Paul Moore <paul@paul-moore.com>

Sure, it will be really hard to miss.  The next-integrity-queued
branch has:

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

*** Remember replace current->audit_context with call to audit_context() ***
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>

WARNING: multiple messages have this Message-ID (diff)
From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: Paul Moore <paul@paul-moore.com>
Cc: Stefan Berger <stefanb@linux.vnet.ibm.com>,
	linux-integrity@vger.kernel.org, linux-audit@redhat.com,
	sgrubb@redhat.com, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v3 4/4] ima: Differentiate auditing policy rules from "audit" actions
Date: Wed, 06 Jun 2018 10:52:23 -0400	[thread overview]
Message-ID: <1528296743.3255.29.camel@linux.vnet.ibm.com> (raw)
In-Reply-To: <CAHC9VhSbdYOkcszy+emgPNWWtUc0LoWy8pPvov+qjubV7b_EjQ@mail.gmail.com>

On Tue, 2018-06-05 at 18:18 -0400, Paul Moore wrote:
> On Tue, Jun 5, 2018 at 10:15 AM, Mimi Zohar <zohar@linux.vnet.ibm.com> wrote:
> > Hi Paul,
> >
> > On Mon, 2018-06-04 at 20:21 -0400, Paul Moore wrote:
> >> On Mon, Jun 4, 2018 at 4:54 PM, Stefan Berger
> >> <stefanb@linux.vnet.ibm.com> wrote:
> >> > The AUDIT_INTEGRITY_RULE is used for auditing IMA policy rules and
> >> > the IMA "audit" policy action.  This patch defines
> >> > AUDIT_INTEGRITY_POLICY_RULE to reflect the IMA policy rules.
> >> >
> >> > Since we defined a new message type we can now also pass the
> >> > audit_context and get an associated SYSCALL record. This now produces
> >> > the following records when parsing IMA policy's rules:
> >>
> >> Aaand now I see you included the current->audit_context pointer I
> >> mentioned in my comments for 3/4 ;)
> >>
> >> So basically this should be fine, although I should point out that you
> >> do not need to define a new message type to associate records
> >> together.  The fact that we don't associate all connected records is
> >> basically a bug.
> >>
> >> Anyway, patches 3/4 and 4/4 look good to me.  Considering this is
> >> likely going in during the *next* merge window, I would ask that you
> >> convert from "current->audit_context" to "audit_context()" as soon as
> >> this merge window closes.
> >>
> >> Thanks!
> >
> > Thanks, Paul.  I'd like to start queueing patches for the next open
> > window now, instead of scrambling later.  Can I add your Ack now, and
> > remember to make this change when rebasing?
> 
> Sure, go ahead and add my ACK to both 3/4 and 4/4 as long as you
> double pinky swear you'll do the audit_context() fix-up during the
> merge :)
> 
> Acked-by: Paul Moore <paul@paul-moore.com>

Sure, it will be really hard to miss.  The next-integrity-queued
branch has:

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

*** Remember replace current->audit_context with call to audit_context() ***
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>

  reply	other threads:[~2018-06-06 14:52 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-06-04 20:54 [PATCH v3 0/4] IMA: work on audit records produced by IMA Stefan Berger
2018-06-04 20:54 ` [PATCH v3 1/4] ima: Call audit_log_string() rather than logging it untrusted Stefan Berger
2018-06-04 20:54 ` [PATCH v3 2/4] ima: Use audit_log_format() rather than audit_log_string() Stefan Berger
2018-06-04 20:54 ` [PATCH v3 3/4] ima: Do not audit if CONFIG_INTEGRITY_AUDIT is not set Stefan Berger
2018-06-05  0:16   ` Paul Moore
2018-06-04 20:54 ` [PATCH v3 4/4] ima: Differentiate auditing policy rules from "audit" actions Stefan Berger
2018-06-05  0:21   ` Paul Moore
2018-06-05 14:15     ` Mimi Zohar
2018-06-05 14:15       ` Mimi Zohar
2018-06-05 22:18       ` Paul Moore
2018-06-06 14:52         ` Mimi Zohar [this message]
2018-06-06 14:52           ` Mimi Zohar

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1528296743.3255.29.camel@linux.vnet.ibm.com \
    --to=zohar@linux.vnet.ibm.com \
    --cc=linux-audit@redhat.com \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=paul@paul-moore.com \
    --cc=sgrubb@redhat.com \
    --cc=stefanb@linux.vnet.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.