From: Paul Moore <paul@paul-moore.com>
To: Stefan Berger <stefanb@linux.vnet.ibm.com>
Cc: zohar@linux.vnet.ibm.com, linux-integrity@vger.kernel.org,
	linux-audit@redhat.com, sgrubb@redhat.com,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH v3 3/4] ima: Do not audit if CONFIG_INTEGRITY_AUDIT is not set
Date: Mon, 4 Jun 2018 20:16:42 -0400	[thread overview]
Message-ID: <CAHC9VhSRZJVUdyCCp9YtVofyKYy60qXQZD5z2OqQKQ-h4s9fCQ@mail.gmail.com> (raw)
In-Reply-To: <20180604205455.2325754-4-stefanb@linux.vnet.ibm.com>

On Mon, Jun 4, 2018 at 4:54 PM, Stefan Berger
<stefanb@linux.vnet.ibm.com> wrote:
> If Integrity is not auditing, IMA shouldn't audit, either.
>
> Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
> ---
>  security/integrity/ima/Kconfig      |  1 +
>  security/integrity/ima/ima_policy.c |  6 +++++-
>  security/integrity/integrity.h      | 15 +++++++++++++++
>  3 files changed, 21 insertions(+), 1 deletion(-)
>
> diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
> index 6a8f67714c83..94c2151331aa 100644
> --- a/security/integrity/ima/Kconfig
> +++ b/security/integrity/ima/Kconfig
> @@ -12,6 +12,7 @@ config IMA
>         select TCG_TIS if TCG_TPM && X86
>         select TCG_CRB if TCG_TPM && ACPI
>         select TCG_IBMVTPM if TCG_TPM && PPC_PSERIES
> +       select INTEGRITY_AUDIT if AUDIT
>         help
>           The Trusted Computing Group(TCG) runtime Integrity
>           Measurement Architecture(IMA) maintains a list of hash
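Review bot: `select INTEGRITY_AUDIT if AUDIT` takes the choice away from the user: on any kernel with CONFIG_AUDIT and CONFIG_IMA both enabled, INTEGRITY_AUDIT can no longer be switched off, so the `#else` stub introduced later in this series is only ever compiled when CONFIG_AUDIT is absent. That is a reasonable policy, but the commit message should state it explicitly so nobody wonders why an existing Kconfig option stopped being configurable.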
> diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
> index 3fcf0935468c..bc99713dfe57 100644
> --- a/security/integrity/ima/ima_policy.c
> +++ b/security/integrity/ima/ima_policy.c
> @@ -628,6 +628,9 @@ static int ima_lsm_rule_init(struct ima_rule_entry *entry,
>  static void ima_log_string_op(struct audit_buffer *ab, char *key, char *value,
>                               bool (*rule_operator)(kuid_t, kuid_t))
>  {
> +       if (!ab)
> +               return;
> +
>         if (rule_operator == &uid_gt)
>                 audit_log_format(ab, "%s>", key);
>         else if (rule_operator == &uid_lt)
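Review bot: the new `if (!ab) return;` guard at the top of `ima_log_string_op()` needs a comment saying why this helper, and not the other `audit_log_format()` callers in `ima_parse_rule()` that receive the same `ab`, gets its own NULL check. If `audit_log_format()` already tolerates a NULL buffer the guard is redundant; if it does not, the remaining callers need the same treatment, since `ab` can now be NULL whenever the stubbed `integrity_audit_log_start()` is in use.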
> @@ -649,7 +652,8 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)
>         bool uid_token;
>         int result = 0;
>
> -       ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_INTEGRITY_RULE);
> +       ab = integrity_audit_log_start(NULL, GFP_KERNEL,
> +                                      AUDIT_INTEGRITY_RULE);

There was a lot of confusion here, so this is understandable, but you
should pass "audit_context()"[1] as the first parameter instead of
NULL.  Other than that this patch looks fine.

[1] In Linus' tree at the moment you would need to use
current->audit_context, but the audit PR heading to Linus during this
merge window will introduce the "audit_context()" function which is
preferable as we may need to change things around a bit in the near
future.

>         entry->uid = INVALID_UID;
>         entry->fowner = INVALID_UID;
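Review bot: the one-line commit message ("If Integrity is not auditing, IMA shouldn't audit, either.") does not describe the mechanism: after this hunk `ab` is NULL for the whole of `ima_parse_rule()` when CONFIG_INTEGRITY_AUDIT is not set, and every later use of `ab` in that function, up to and including the final `audit_log_end()`, relies on the audit API accepting a NULL buffer. Spelling that out in the commit message, or in a short comment next to the assignment, would make the intent auditable for whoever touches this function next.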
> diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h
> index 0bb372eed62a..e60473b13a8d 100644
> --- a/security/integrity/integrity.h
> +++ b/security/integrity/integrity.h
> @@ -15,6 +15,7 @@
>  #include <linux/integrity.h>
>  #include <crypto/sha.h>
>  #include <linux/key.h>
> +#include <linux/audit.h>
>
>  /* iint action cache flags */
>  #define IMA_MEASURE            0x00000001
> @@ -199,6 +200,13 @@ static inline void evm_load_x509(void)
>  void integrity_audit_msg(int audit_msgno, struct inode *inode,
>                          const unsigned char *fname, const char *op,
>                          const char *cause, int result, int info);
> +
> +static inline struct audit_buffer *
> +integrity_audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type)
> +{
> +       return audit_log_start(ctx, gfp_mask, type);
> +}
> +
>  #else
>  static inline void integrity_audit_msg(int audit_msgno, struct inode *inode,
>                                        const unsigned char *fname,
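Review bot: `integrity_audit_log_start()` is a pure pass-through to `audit_log_start()` in the CONFIG_INTEGRITY_AUDIT branch, so a one-line comment above the wrapper explaining that it exists only to become a no-op in the `#else` branch would save readers from looking for a difference that is not there. The `ctx` parameter is forwarded unchanged, so whatever context the caller passes (see the discussion of `audit_context()` above) will reach the audit subsystem as-is.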
> @@ -206,4 +214,11 @@ static inline void integrity_audit_msg(int audit_msgno, struct inode *inode,
>                                        int result, int info)
>  {
>  }
> +
> +static inline struct audit_buffer *
> +integrity_audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type)
> +{
> +       return NULL;
> +}
> +
>  #endif
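Review bot: the stub returns NULL, which is the same value the real `audit_log_start()` hands back when it cannot or does not emit a record, so callers cannot distinguish "integrity auditing compiled out" from "audit record not started". That is fine as long as every caller treats NULL as "do not audit" rather than as an error; a comment on the stub stating this contract would stop someone later adding error handling on a NULL return in `ima_parse_rule()`.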
> --
> 2.13.6

-- 
paul moore
www.paul-moore.com
