From: Steve Grubb <sgrubb@redhat.com> To: linux-fsdevel@vger.kernel.org, Jan Kara <jack@suse.cz>, linux-audit@redhat.com, Paul Moore <paul@paul-moore.com> Cc: Amir Goldstein <amir73il@gmail.com>, Eric Paris <eparis@redhat.com> Subject: [PATCH 0/3] fanotify: Allow user space to pass back additional audit info Date: Wed, 30 Sep 2020 12:12:19 -0400 [thread overview] Message-ID: <2042449.irdbgypaU6@x2> (raw) The Fanotify API can be used for access control by requesting permission event notification. The user space tooling that uses it may have a complicated policy that inherently contains additional context for the decision. If this information were available in the audit trail, policy writers can close the loop on debugging policy. Also, if this additional information were available, it would enable the creation of tools that can suggest changes to the policy similar to how audit2allow can help refine labeled security. This patch defines 2 bit maps within the response variable returned from user space on a permission event. The first field is 3 bits for the context type. The context type will describe what the meaning is of the second bit field. The audit system will separate the pieces and log them individually. The audit function was updated to log the additional information in the AUDIT_FANOTIFY record. The following is an example of the new record format: type=FANOTIFY msg=audit(1600385147.372:590): resp=2 ctx_type=1 fan_ctx=17 Steve Grubb (3): fanotify: Ensure consistent variable type for response fanotify: define bit map fields to hold response decision context fanotify: Allow audit to use the full permission event response fs/notify/fanotify/fanotify.c | 5 ++--- fs/notify/fanotify/fanotify.h | 2 +- fs/notify/fanotify/fanotify_user.c | 11 +++-------- include/linux/fanotify.h | 5 +++++ include/uapi/linux/fanotify.h | 31 ++++++++++++++++++++++++++++++ kernel/auditsc.c | 7 +++++-- 6 files changed, 47 insertions(+), 14 deletions(-) -- 2.26.2
WARNING: multiple messages have this Message-ID (diff)
From: Steve Grubb <sgrubb@redhat.com> To: linux-fsdevel@vger.kernel.org, Jan Kara <jack@suse.cz>, linux-audit@redhat.com, Paul Moore <paul@paul-moore.com> Cc: Amir Goldstein <amir73il@gmail.com> Subject: [PATCH 0/3] fanotify: Allow user space to pass back additional audit info Date: Wed, 30 Sep 2020 12:12:19 -0400 [thread overview] Message-ID: <2042449.irdbgypaU6@x2> (raw) The Fanotify API can be used for access control by requesting permission event notification. The user space tooling that uses it may have a complicated policy that inherently contains additional context for the decision. If this information were available in the audit trail, policy writers can close the loop on debugging policy. Also, if this additional information were available, it would enable the creation of tools that can suggest changes to the policy similar to how audit2allow can help refine labeled security. This patch defines 2 bit maps within the response variable returned from user space on a permission event. The first field is 3 bits for the context type. The context type will describe what the meaning is of the second bit field. The audit system will separate the pieces and log them individually. The audit function was updated to log the additional information in the AUDIT_FANOTIFY record. The following is an example of the new record format: type=FANOTIFY msg=audit(1600385147.372:590): resp=2 ctx_type=1 fan_ctx=17 Steve Grubb (3): fanotify: Ensure consistent variable type for response fanotify: define bit map fields to hold response decision context fanotify: Allow audit to use the full permission event response fs/notify/fanotify/fanotify.c | 5 ++--- fs/notify/fanotify/fanotify.h | 2 +- fs/notify/fanotify/fanotify_user.c | 11 +++-------- include/linux/fanotify.h | 5 +++++ include/uapi/linux/fanotify.h | 31 ++++++++++++++++++++++++++++++ kernel/auditsc.c | 7 +++++-- 6 files changed, 47 insertions(+), 14 deletions(-) -- 2.26.2 -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit
next reply other threads:[~2020-09-30 16:12 UTC|newest] Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top 2020-09-30 16:12 Steve Grubb [this message] 2020-09-30 16:12 ` [PATCH 0/3] fanotify: Allow user space to pass back additional audit info Steve Grubb
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=2042449.irdbgypaU6@x2 \ --to=sgrubb@redhat.com \ --cc=amir73il@gmail.com \ --cc=eparis@redhat.com \ --cc=jack@suse.cz \ --cc=linux-audit@redhat.com \ --cc=linux-fsdevel@vger.kernel.org \ --cc=paul@paul-moore.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.