From: Paul Moore
Date: Fri, 13 Mar 2020 12:49:18 -0400
Subject: Re: [PATCH ghak90 V8 07/16] audit: add contid support for signalling the audit daemon
To: Steve Grubb
Cc: nhorman@tuxdriver.com, Richard Guy Briggs, linux-api@vger.kernel.org, containers@lists.linux-foundation.org, LKML, dhowells@redhat.com, linux-audit@redhat.com, netfilter-devel@vger.kernel.org, ebiederm@xmission.com, simo@redhat.com, netdev@vger.kernel.org, linux-fsdevel@vger.kernel.org, Eric Paris, mpatel@redhat.com, Serge Hallyn
In-Reply-To: <2588582.z15pWOfGEt@x2>
References: <20200312202733.7kli64zsnqc4mrd2@madcap2.tricolour.ca> <2588582.z15pWOfGEt@x2>
List-Id: Linux Audit Discussion

On Fri, Mar 13, 2020 at 12:45 PM Steve Grubb wrote:
> On Friday, March 13, 2020 12:42:15 PM EDT Paul Moore wrote:
> > > I think more and more, that more complete isolation is being done,
> > > taking advantage of each type of namespace as they become available, but
> > > I know a number of them didn't find it important yet to use IPC, PID or
> > > user namespaces which would be the only namespaces I can think of that
> > > would provide that isolation.
> > >
> > > It isn't entirely clear to me which side you fall on this issue, Paul.
> >
> > That's mostly because I was hoping for some clarification in the
> > discussion, especially the relevant certification requirements, but it
> > looks like there is still plenty of room for interpretation there (as
> > usual). I'd much rather us arrive at decisions based on requirements
> > and not gut feelings, which is where I think we are at right now.
>
> Certification requirements are that we need the identity of anyone attempting
> to modify the audit configuration including shutting it down.

Yep, got it. Unfortunately that doesn't really help with what we are
talking about. Although preventing the reuse of the ACID before the
SIGNAL2 record does help preserve the sanity of the audit stream, which I
believe to be very important, regardless.

-- 
paul moore
www.paul-moore.com

--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit