From: "Weiß, Michael" <michael.weiss@aisec.fraunhofer.de>
To: "casey@schaufler-ca.com" <casey@schaufler-ca.com>
Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"linux-audit@redhat.com" <linux-audit@redhat.com>,
	"agk@redhat.com" <agk@redhat.com>,
	"linux-raid@vger.kernel.org" <linux-raid@vger.kernel.org>,
	"song@kernel.org" <song@kernel.org>,
	"eparis@redhat.com" <eparis@redhat.com>,
	"snitzer@redhat.com" <snitzer@redhat.com>,
	"dm-devel@redhat.com" <dm-devel@redhat.com>
Subject: Re: [PATCH 1/3] dm: introduce audit event module for device mapper
Date: Fri, 13 Aug 2021 06:59:15 +0000
Message-ID: <e82a0835059181fedbc5b143329b0594151f8221.camel@aisec.fraunhofer.de>
In-Reply-To: <7f28b3b4-c0a2-cb03-09fd-e0705959576a@schaufler-ca.com>

Hi Casey,

On Thu, 2021-08-12 at 10:08 -0700, Casey Schaufler wrote:
> On 8/12/2021 7:57 AM, Michael Weiß wrote:
> > To be able to send auditing events to user space, we introduce
> > a generic dm-audit module. It provides helper functions to emit
> > audit events through the kernel audit subsystem. We claim the
> > AUDIT_DM type=1336 out of the audit event messages range in the
> > corresponding userspace api in 'include/uapi/linux/audit.h' for
> > those events.
> > 
> > Following commits to device mapper targets actually will make
> > use of this to emit those events in relevant cases.
> > 
> > Signed-off-by: Michael Weiß <michael.weiss@aisec.fraunhofer.de>
> > ---
> >  drivers/md/Kconfig         | 10 +++++++
> >  drivers/md/Makefile        |  4 +++
> >  drivers/md/dm-audit.c      | 59 ++++++++++++++++++++++++++++++++++++++
> >  drivers/md/dm-audit.h      | 33 +++++++++++++++++++++
> >  include/uapi/linux/audit.h |  2 ++
> >  5 files changed, 108 insertions(+)
> >  create mode 100644 drivers/md/dm-audit.c
> >  create mode 100644 drivers/md/dm-audit.h
> > 
> > diff --git a/drivers/md/Kconfig b/drivers/md/Kconfig
> > index 0602e82a9516..fd54c713a03e 100644
> > --- a/drivers/md/Kconfig
> > +++ b/drivers/md/Kconfig
> > @@ -608,6 +608,7 @@ config DM_INTEGRITY
> >  	select CRYPTO
> >  	select CRYPTO_SKCIPHER
> >  	select ASYNC_XOR
> > +	select DM_AUDIT if AUDIT
> >  	help
> >  	  This device-mapper target emulates a block device that has
> >  	  additional per-sector tags that can be used for storing
> > @@ -640,4 +641,13 @@ config DM_ZONED
> >  
> >  	  If unsure, say N.
> >  
> > +config DM_AUDIT
> > +	bool "DM audit events"
> > +	depends on AUDIT
> > +	help
> > +	  Generate audit events for device-mapper.
> > +
> > +	  Enables audit loging of several security relevant events in the
> 
> s/loging/logging/
> 
> > +	  particular device-mapper targets, especially the integrity target.
> > +
> >  endif # MD
> > diff --git a/drivers/md/Makefile b/drivers/md/Makefile
> > index a74aaf8b1445..4cd47623c742 100644
> > --- a/drivers/md/Makefile
> > +++ b/drivers/md/Makefile
> > @@ -103,3 +103,7 @@ endif
> >  ifeq ($(CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG),y)
> >  dm-verity-objs			+= dm-verity-verify-sig.o
> >  endif
> > +
> > +ifeq ($(CONFIG_DM_AUDIT),y)
> > +dm-mod-objs				+= dm-audit.o
> > +endif
> > diff --git a/drivers/md/dm-audit.c b/drivers/md/dm-audit.c
> > new file mode 100644
> > index 000000000000..c7e5824821bb
> > --- /dev/null
> > +++ b/drivers/md/dm-audit.c
> > @@ -0,0 +1,59 @@
> > +// SPDX-License-Identifier: GPL-2.0
> > +/*
> > + * Creating audit records for mapped devices.
> > + *
> > + * Copyright (C) 2021 Fraunhofer AISEC. All rights reserved.
> > + *
> > + * Authors: Michael Weiß <michael.weiss@aisec.fraunhofer.de>
> > + */
> > +
> > +#include <linux/audit.h>
> > +#include <linux/module.h>
> > +#include <linux/device-mapper.h>
> > +#include <linux/bio.h>
> > +#include <linux/blkdev.h>
> > +
> > +#include "dm-audit.h"
> > +#include "dm-core.h"
> > +
> > +void dm_audit_log_bio(const char *dm_msg_prefix, const char *op,
> > +		      struct bio *bio, sector_t sector, int result)
> > +{
> > +	struct audit_buffer *ab;
> > +
> > +	if (audit_enabled == AUDIT_OFF)
> > +		return;
> > +
> > +	ab = audit_log_start(audit_context(), GFP_KERNEL, AUDIT_DM);
> > +	if (unlikely(!ab))
> > +		return;
> > +
> > +	audit_log_format(ab, "module=%s dev=%d:%d op=%s sector=%llu res=%d",
> > +			 dm_msg_prefix, MAJOR(bio->bi_bdev->bd_dev),
> > +			 MINOR(bio->bi_bdev->bd_dev), op, sector, result);
> > +	audit_log_end(ab);
> > +}
> > +EXPORT_SYMBOL_GPL(dm_audit_log_bio);
> > +
> > +void dm_audit_log_target(const char *dm_msg_prefix, const char *op,
> > +			 struct dm_target *ti, int result)
> > +{
> > +	struct audit_buffer *ab;
> > +	struct mapped_device *md = dm_table_get_md(ti->table);
> > +
> > +	if (audit_enabled == AUDIT_OFF)
> > +		return;
> > +
> > +	ab = audit_log_start(audit_context(), GFP_KERNEL, AUDIT_DM);
> > +	if (unlikely(!ab))
> > +		return;
> > +
> > +	audit_log_format(ab, "module=%s dev=%s op=%s",
> > +			 dm_msg_prefix, dm_device_name(md), op);
> > +
> > +	if (!result && !strcmp("ctr", op))
> > +		audit_log_format(ab, " error_msg='%s'", ti->error);
> > +	audit_log_format(ab, " res=%d", result);
> > +	audit_log_end(ab);
> > +}
> > +EXPORT_SYMBOL_GPL(dm_audit_log_target);
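Review bot: audit_log_start() is called with GFP_KERNEL in dm_audit_log_bio(), yet that helper is clearly meant for the I/O path (it takes a struct bio and a sector), where a caller may be in atomic context or on a writeback path that must not sleep waiting for the very device being logged; GFP_ATOMIC, or at least GFP_NOIO, would be safer there, and the expected calling context should be stated in a comment above the function. The meaning of `result` also deserves a comment: the `if (!result && !strcmp("ctr", op))` branch treats 0 as failure, so `res=` follows the audit convention (1 = success, 0 = failure) rather than being a negative errno, which is easy for a target author to get wrong when calling these helpers. Finally, dm_table_get_md() and dm_device_name() are declared in <linux/device-mapper.h>, so the `#include "dm-core.h"` looks unnecessary unless something else in this file needs it.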
> > diff --git a/drivers/md/dm-audit.h b/drivers/md/dm-audit.h
> > new file mode 100644
> > index 000000000000..9db4955d32e1
> > --- /dev/null
> > +++ b/drivers/md/dm-audit.h
> > @@ -0,0 +1,33 @@
> > +/* SPDX-License-Identifier: GPL-2.0 */
> > +/*
> > + * Creating audit records for mapped devices.
> > + *
> > + * Copyright (C) 2021 Fraunhofer AISEC. All rights reserved.
> > + *
> > + * Authors: Michael Weiß <michael.weiss@aisec.fraunhofer.de>
> > + */
> > +
> > +#ifndef DM_AUDIT_H
> > +#define DM_AUDIT_H
> > +
> > +#include <linux/device-mapper.h>
> > +
> > +#ifdef CONFIG_DM_AUDIT
> > +void dm_audit_log_bio(const char *dm_msg_prefix, const char *op,
> > +		      struct bio *bio, sector_t sector, int result);
> > +void dm_audit_log_target(const char *dm_msg_prefix, const char *op,
> > +			 struct dm_target *ti, int result);
> > +#else
> > +static inline void dm_audit_log_bio(const char *dm_msg_prefix, const char *op,
> > +				    struct bio *bio, sector_t sector,
> > +				    int result);
> > +{
> > +}

kernel test robot spotted a syntax error if CONFIG_DM_AUDIT is
not set here, too. Will fix this in v2.

> > +static inline void dm_audit_log_target(const char *dm_msg_prefix,
> > +				       const char *op, struct dm_target *ti,
> > +				       int result);
> > +{
> > +}
> > +#endif
> > +
> > +#endif
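Review bot: the !CONFIG_DM_AUDIT stubs do not compile: both `static inline` definitions carry a `;` after the parameter list (`int result);` followed by `{`), which turns each into a prototype followed by a stray block. Dropping the semicolon before the `{` in both stubs fixes it; a build with CONFIG_DM_AUDIT unset is worth adding to the pre-submit checks, since dm-audit.h will be included by every target that calls these helpers.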
> > diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
> > index daa481729e9b..9d766fcbcf62 100644
> > --- a/include/uapi/linux/audit.h
> > +++ b/include/uapi/linux/audit.h
> > @@ -118,6 +118,7 @@
> >  #define AUDIT_TIME_ADJNTPVAL	1333	/* NTP value adjustment */
> >  #define AUDIT_BPF		1334	/* BPF subsystem */
> >  #define AUDIT_EVENT_LISTENER	1335	/* Task joined multicast read socket */
> > +#define AUDIT_DM		1336	/* Device Mapper events */
> >  
> >  #define AUDIT_AVC		1400	/* SE Linux avc denial or grant */
> >  #define AUDIT_SELINUX_ERR	1401	/* Internal SE Linux Errors */
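Review bot: claiming AUDIT_DM 1336 in the uapi header only gives the kernel side a number; the audit userspace (libaudit's message type table, which ausearch and aureport use to print names) has no entry for it and will show these records as UNKNOWN[1336] until a matching change lands there. The commit message should say so and point at the coordinated audit-userspace change, so the value is reserved visibly and not reused for another record type in the meantime.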
> > @@ -140,6 +141,7 @@
> >  #define AUDIT_MAC_CALIPSO_ADD	1418	/* NetLabel: add CALIPSO DOI entry */
> >  #define AUDIT_MAC_CALIPSO_DEL	1419	/* NetLabel: del CALIPSO DOI entry */
> >  
> > +
> 
> Unnecessary additional whitespace.
> 
> >  #define AUDIT_FIRST_KERN_ANOM_MSG   1700
> >  #define AUDIT_LAST_KERN_ANOM_MSG    1799
> >  #define AUDIT_ANOM_PROMISCUOUS      1700 /* Device changed promiscuous mode */

Thanks for spotting the errors; I will fix them in v2.

Regards,
Michael
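The record layout the two helpers in the patch print, seen from the consuming side: an added example (not part of the patch, the kernel tree or the audit userspace) that parses AUDIT_DM records out of an audit.log excerpt and summarizes failures per mapped device, which is what a detection rule for integrity violations would key on. It assumes the audit userspace has no name for type 1336 yet and prints UNKNOWN[1336] (the type name DM is an assumed alternative), and the module and op strings, device numbers, timestamps and error message in the sample lines are constructed for this example.

```python
"""Parse dm-audit (AUDIT_DM, type 1336) records and summarize failures.

Added example, not part of the patch or of the kernel tree. It assumes the
record layout printed by dm_audit_log_bio()/dm_audit_log_target() in the
patch and that an audit userspace without a name for 1336 prints it as
UNKNOWN[1336]; the op strings and device numbers in the sample are made up.
"""
import re
from collections import Counter

AUDIT_DM = 1336          # value claimed by the patch in include/uapi/linux/audit.h
DM_TYPE_NAMES = {"DM"}   # assumed: name an updated audit userspace might print

# Constructed sample audit.log excerpt (all values invented for this example).
SAMPLE_AUDIT_LOG = """\
type=UNKNOWN[1336] msg=audit(1628837955.101:201): module=integrity dev=253:3 op=ctr res=1
type=UNKNOWN[1336] msg=audit(1628837956.222:202): module=integrity dev=253:3 op=integrity-checksum sector=4096 res=0
type=UNKNOWN[1336] msg=audit(1628837956.223:203): module=integrity dev=253:3 op=integrity-checksum sector=4104 res=0
type=UNKNOWN[1336] msg=audit(1628837957.500:204): module=crypt dev=253:4 op=ctr error_msg='Invalid argument' res=0
type=SYSCALL msg=audit(1628837957.600:205): arch=c000003e syscall=1 success=yes exit=0
"""

_HEAD_RE = re.compile(
    r"^type=(?:UNKNOWN\[(?P<num>\d+)\]|(?P<name>\w+))\s+"
    r"msg=audit\((?P<secs>\d+)\.(?P<msecs>\d+):(?P<serial>\d+)\):\s*(?P<body>.*)$"
)
# key=value pairs; a value is either single-quoted (may contain spaces) or bare
_KV_RE = re.compile(r"(\w+)=('(?:[^'\\]|\\.)*'|\S+)")


def parse_dm_audit_line(line):
    """Return a dict for one AUDIT_DM record, or None for any other line."""
    m = _HEAD_RE.match(line.strip())
    if not m:
        return None
    if m.group("num") is not None:
        if int(m.group("num")) != AUDIT_DM:
            return None
    elif m.group("name") not in DM_TYPE_NAMES:
        return None
    rec = {
        "time": float(f"{m.group('secs')}.{m.group('msecs')}"),
        "serial": int(m.group("serial")),
    }
    for key, val in _KV_RE.findall(m.group("body")):
        if val.startswith("'") and val.endswith("'"):
            val = val[1:-1]
        rec[key] = val
    # res follows the audit convention: 1 = success, 0 = failure
    # (the ctr branch in dm_audit_log_target() logs error_msg when result is 0)
    if "res" in rec:
        rec["res"] = int(rec["res"])
    if "sector" in rec:
        rec["sector"] = int(rec["sector"])
    return rec


def parse_dm_audit_log(text):
    """All AUDIT_DM records in an audit.log excerpt, in file order."""
    recs = (parse_dm_audit_line(ln) for ln in text.splitlines())
    return [r for r in recs if r is not None]


def failed_bio_ops_by_device(records):
    """Count res=0 per-bio events (those carrying sector=) per dev major:minor.

    A rising count for a single device is the signal a detection rule keys on.
    """
    return Counter(r["dev"] for r in records
                   if "sector" in r and r.get("res") == 0)


def failed_constructors(records):
    """(dev, module, error_msg) for every failed target constructor (op=ctr, res=0)."""
    return [(r["dev"], r["module"], r.get("error_msg", ""))
            for r in records if r.get("op") == "ctr" and r.get("res") == 0]


if __name__ == "__main__":
    recs = parse_dm_audit_log(SAMPLE_AUDIT_LOG)
    for dev, n in failed_bio_ops_by_device(recs).items():
        print(f"{dev}: {n} failed per-sector operations")
    for dev, module, err in failed_constructors(recs):
        print(f"{dev}: {module} constructor failed: {err}")
```

Both helpers identify the device as major:minor (dm_audit_log_bio() formats bi_bdev's dev_t, dm_audit_log_target() uses the mapped device's name), so the per-device counters above aggregate records from either path without extra mapping.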
