Date: Wed, 17 Mar 2021 11:58:28 -0400
From: Richard Guy Briggs
To: Paul Moore
Cc: Eric Paris, Linux-Audit Mailing List, LKML
Subject: Re: [PATCH 1/2] audit: document /proc/PID/loginuid

On 2021-03-12 14:15, Paul Moore wrote:
> On Thu, Mar 11, 2021 at 11:41 AM Richard Guy Briggs wrote:
> > Describe the /proc/PID/loginuid interface in Documentation/ABI/stable that
> > was added 2005-02-01 by commit 1e2d1492e178 ("[PATCH] audit: handle
> > loginuid through proc")
> >
> > Signed-off-by: Richard Guy Briggs
> > ---
> > Documentation/ABI/stable/procfs-audit_loginuid | 15 +++++++++++++++
> > 1 file changed, 15 insertions(+)
> > create mode 100644 Documentation/ABI/stable/procfs-audit_loginuid
>
> After ~15 years, it might be time ;)
>
> > diff --git a/Documentation/ABI/stable/procfs-audit_loginuid b/Documentation/ABI/stable/procfs-audit_loginuid
> > new file mode 100664
> > index 000000000000..fae63bef2970
> > --- /dev/null
> > +++ b/Documentation/ABI/stable/procfs-audit_loginuid
> > @@ -0,0 +1,15 @@
> > +What: Audit Login UID
> > +Date: 2005-02-01
> > +KernelVersion: 2.6.11-rc2 1e2d1492e178 ("[PATCH] audit: handle loginuid through proc")
> > +Contact: linux-audit@redhat.com
> > +Format: u32
>
> I haven't applied the patch, but I'm going to assume that the "u32"
> lines up correctly with the rest of the entries, right?

Yes, they do. I'm wondering if they should read instead "%u" since the
internal kernel representation isn't as important as what format (number
base) is expected and presented.

> > +Users: auditd, libaudit, audit-testsuite, login
>
> I think these entries are a bit too specific as I expect the kernel to
> outlive most userspace libraries and applications. I would suggest
> "audit and login applications" or something similar.

In other examples, users range from a description to an email address,
to a URI, to a repository name or address, to a package name, to
specific files. I'd prefer to be as specific as reasonably possible
without going into gory detail.

> > +Description:
> > + The /proc/$pid/loginuid pseudofile is written to set and
>
> I'm really in no position to critique someone's English grammar, but
> if we're talking about changes I might add a comma after "set", "...
> is written to set, and read to get ...".

This would be the Oxford comma debate, and has a stronger preference by
USA-ians than Brits. It can help disambiguate meaning in a list of three
or more items.

> > + read to get the audit login UID of process $pid. If it is
> > + unset, permissions are not needed to set it. The accessor must
> > + have CAP_AUDIT_CONTROL in the initial user namespace to write
> > + it if it has been set. It cannot be written again if
> > + AUDIT_FEATURE_LOGINUID_IMMUTABLE is enabled. It cannot be
> > + unset if AUDIT_FEATURE_ONLY_UNSET_LOGINUID is enabled.
>
> paul moore

- RGB

--
Richard Guy Briggs
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635
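
Review bot: The Description in the new procfs-audit_loginuid file relies on the set/unset distinction in three places ("If it is unset", "if it has been set", "It cannot be unset") without saying what value represents an unset login UID when the file is read or written, and "Format: u32" names a kernel type rather than the text a reader of the file sees. Suggest stating the representation explicitly, for example that the file holds an unsigned decimal integer, and naming the value that means unset, so that the conditions tied to CAP_AUDIT_CONTROL, AUDIT_FEATURE_LOGINUID_IMMUTABLE and AUDIT_FEATURE_ONLY_UNSET_LOGINUID can be checked from userspace against the documentation alone. Separately, the diffstat says "create mode 100644" while the diff header says "new file mode 100664"; the two should agree, so the patch is worth regenerating before it is applied.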