From mboxrd@z Thu Jan 1 00:00:00 1970
From: Paul Moore
Subject: Re: Limiting SECCOMP audit events
Date: Fri, 15 Dec 2017 09:08:05 -0500
Message-ID: <1605a80e588.280e.85c95baa4474aabc7814e68940a78392@paul-moore.com>
References: <58203247.sCqcla2mis@x2> <36cd827f-201c-8f76-2883-ecd930cbb1f4@canonical.com> <3499769.OM7YpPIT3e@x2> <20171214230629.GA451@sec>
In-Reply-To: <20171214230629.GA451@sec>
To: Tyler Hicks, Steve Grubb
Cc: Linux Audit
List-Id: linux-audit@redhat.com

On December 14, 2017 6:06:49 PM Tyler Hicks <tyhicks@canonical.com> wrote:

> On 12/14/2017 09:19 AM, Steve Grubb wrote:
>> On Thursday, December 14, 2017 10:04:48 AM EST Tyler Hicks wrote:
>>> On 12/13/2017 05:58 PM, Steve Grubb wrote:
>>>> Over the last month, the amount of seccomp events in audit logs is
>>>> sky-rocketing. I have over a million events in the last 2 days. Most of
>>>> this is generated by firefox and qt webkit.
>>>>
>>>> I am wondering if the audit package should ship a file for
>>>>
>>>> /usr/lib/sysctl.d/60-auditd.conf
>>>>
>>>> wherein it has
>>>>
>>>> kernel.seccomp.actions_logged = kill_process kill_thread errno
>>>
>>> I agree with Kees here. IMO, you only want "kill_process kill_thread"
>>> which is the default.
>>
>> The default appears to be all of the types of events without setting
>> kernel.seccomp.actions_logged.
>
> Ah, right. I didn't correctly remember the final implementation details.
> The default sysctl setting is to allow all actions except for RET_ALLOW
> to be logged.
>
> I think the easiest description of the logic is in the commit message of
> 59f5cf44a38284eb9e76270c786fb6cc62ef8ac4:
>
>     if action == RET_ALLOW:
>       do not log
>     else if action == RET_KILL && RET_KILL in actions_logged:
>       log
>     else if action == RET_LOG && RET_LOG in actions_logged:
>       log
>     else if filter-requests-logging && action in actions_logged:
>       log
>     else if audit_enabled && process-is-being-audited:
>       log
>     else:
>       do not log
>
> I think I originally misunderstood your first email in this thread. I
> thought you were saying that you were experiencing more seccomp audit
> events in 4.14 versus 4.13 and that you felt a regression had been
> introduced. After rereading, I think you're asking why you're getting
> seccomp RET_TRAP actions logged even though "trap" isn't in the
> actions_logged sysctl.
>
> The reason is because I didn't get clear direction from the audit
> folks about what to do when audit is enabled and the process is being audited
> and, therefore, I didn't feel comfortable rocking the boat. In that
> situation, the decision to log is the same as it was in earlier kernels.
> Specifically, you're hitting the last "else if" conditional in the
> pseudocode above.
>
> If you're happy with having the actions_logged sysctl control whether or
> not to log seccomp actions taken for processes that are being audited,
> then I think the following (untested) patch should do exactly what you
> want. I imagine that you'd also want seccomp to emit audit events
> whenever the value of the actions_logged sysctl is changed, which should
> be pretty easy to do.
>
> I hope this helps!
>
> Tyler
>
> diff --git a/include/linux/audit.h b/include/linux/audit.h
> index af410d9..095b5dd 100644
> --- a/include/linux/audit.h
> +++ b/include/linux/audit.h
> @@ -304,12 +304,6 @@ static inline void audit_inode_child(struct inode *parent,
>  }
>  void audit_core_dumps(long signr);
>
> -static inline void audit_seccomp(unsigned long syscall, long signr, int code)
> -{
> -	if (audit_enabled && unlikely(!audit_dummy_context()))
> -		__audit_seccomp(syscall, signr, code);
> -}
> -

Looks good to me but two things:

* Change the name of __audit_seccomp() to audit_seccomp() since we don't
have two functions anymore.

* Are we sure about removing the audit_enabled check? People got pretty
upset when it wasn't there in the past.

>  static inline void audit_ptrace(struct task_struct *t)
>  {
>  	if (unlikely(!audit_dummy_context()))
> @@ -502,8 +496,6 @@ static inline void audit_core_dumps(long signr)
>  { }
>  static inline void __audit_seccomp(unsigned long syscall, long signr, int code)
>  { }
> -static inline void audit_seccomp(unsigned long syscall, long signr, int code)
> -{ }
>  static inline int auditsc_get_stamp(struct audit_context *ctx,
>  			      struct timespec64 *t, unsigned int *serial)
>  {
> diff --git a/kernel/seccomp.c b/kernel/seccomp.c
> index 5f0dfb2ab..914a707 100644
> --- a/kernel/seccomp.c
> +++ b/kernel/seccomp.c
> @@ -590,12 +590,6 @@ static inline void seccomp_log(unsigned long syscall,
> long signr, u32 action,
>  	 */
>  	if (log)
>  		return __audit_seccomp(syscall, signr, action);
> -
> -	/*
> -	 * Let the audit subsystem decide if the action should be audited based
> -	 * on whether the current task itself is being audited.
> -	 */
> -	return audit_seccomp(syscall, signr, action);
>  }
>
>  /*
>
> --
> Linux-audit mailing list
> Linux-audit@redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit
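
Review bot: the audit_enabled test disappears together with the removed audit_seccomp() wrapper in the include/linux/audit.h hunk at @@ -304,12 +304,6 @@, and nothing else in the patch reinstates it. After this change the only visible caller, seccomp_log(), reaches __audit_seccomp() whenever `log` is set, whether or not audit is enabled. If records must stay suppressed while audit is off, keep the test at the call site (for example `if (log && audit_enabled)`) or move it into __audit_seccomp(), and state the choice in the commit message.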
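
Review bot: the empty __audit_seccomp() stub left as context in the include/linux/audit.h hunk at @@ -502,8 +496,6 @@ has to follow any rename of the real function. If __audit_seccomp() becomes audit_seccomp() as requested in the reply, rename this stub in the same patch so that the stub and the real definition keep a single name.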
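
Review bot: the comment and fallback call removed at the end of seccomp_log() in the kernel/seccomp.c hunk at @@ -590,12 +590,6 @@ were the only statement of how audited tasks are treated, and the patch adds no replacement text. After the change an audited task gets a record only when `log` is set, so say that in the comment that remains above `if (log)` and in the documentation of the actions_logged sysctl. The leftover `return __audit_seccomp(...)` in a void function can also become a plain call now that it is the last statement.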
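
The logging decision quoted in the message above, and the effect of dropping its last branch, as an added example (not code from the thread or the kernel). The enum, struct and function names are constructed for illustration, and a single kill action stands in for kill_process and kill_thread.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of the quoted pseudocode; none of these names are
 * kernel symbols. */
enum action { ACT_KILL, ACT_TRAP, ACT_ERRNO, ACT_TRACE, ACT_LOG, ACT_ALLOW };
#define BIT(a) (1u << (a))

struct ctx {
    unsigned actions_logged; /* models kernel.seccomp.actions_logged */
    bool filter_wants_log;   /* the filter itself requested logging */
    bool audit_enabled;
    bool task_audited;       /* the process is being audited */
};

/* Decision as described in the quoted commit-message pseudocode. */
bool logs_before(enum action a, const struct ctx *c)
{
    bool listed = (c->actions_logged & BIT(a)) != 0;

    if (a == ACT_ALLOW)
        return false;
    if ((a == ACT_KILL || a == ACT_LOG) && listed)
        return true;
    if (c->filter_wants_log && listed)
        return true;
    return c->audit_enabled && c->task_audited; /* the last "else if" */
}

/* Same decision with the audited-task fallback removed, as in the patch.
 * Note that audit_enabled no longer influences the result at all. */
bool logs_after(enum action a, const struct ctx *c)
{
    bool listed = (c->actions_logged & BIT(a)) != 0;

    if (a == ACT_ALLOW)
        return false;
    if ((a == ACT_KILL || a == ACT_LOG) && listed)
        return true;
    return c->filter_wants_log && listed;
}

int main(void)
{
    /* Constructed cases: the sysctl lists only kill. */
    struct ctx audited = { BIT(ACT_KILL), false, true, true };
    struct ctx audit_off = { BIT(ACT_KILL), false, false, false };

    printf("trap, audited task: before=%d after=%d\n",
           logs_before(ACT_TRAP, &audited), logs_after(ACT_TRAP, &audited));
    printf("kill, audit disabled: after=%d\n", logs_after(ACT_KILL, &audit_off));
    return 0;
}
```

The first case is the RET_TRAP situation described in the quoted reply; the second is the case behind the question about the audit_enabled check.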