* [PATCH 0/2] audit: add documentation for /proc/PID/stable interfaces @ 2021-03-11 16:40 Richard Guy Briggs 2021-03-11 16:40 ` [PATCH 1/2] audit: document /proc/PID/loginuid Richard Guy Briggs 2021-03-11 16:40 ` [PATCH 2/2] audit: document /proc/PID/sessionid Richard Guy Briggs 0 siblings, 2 replies; 6+ messages in thread From: Richard Guy Briggs @ 2021-03-11 16:40 UTC (permalink / raw) To: Linux-Audit Mailing List, LKML; +Cc: Richard Guy Briggs, Eric Paris Add Documentation/ABI entries for audit interfaces in /proc/PID/ that have been stable for more than a decade. Richard Guy Briggs (2): audit: document /proc/PID/loginuid audit: document /proc/PID/sessionid .../ABI/stable/procfs-audit_loginuid | 27 +++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 Documentation/ABI/stable/procfs-audit_loginuid -- 2.27.0 -- Linux-audit mailing list Linux-audit@redhat.com https://listman.redhat.com/mailman/listinfo/linux-audit ^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH 1/2] audit: document /proc/PID/loginuid 2021-03-11 16:40 [PATCH 0/2] audit: add documentation for /proc/PID/stable interfaces Richard Guy Briggs @ 2021-03-11 16:40 ` Richard Guy Briggs 2021-03-12 19:15 ` Paul Moore 2021-03-11 16:40 ` [PATCH 2/2] audit: document /proc/PID/sessionid Richard Guy Briggs 1 sibling, 1 reply; 6+ messages in thread From: Richard Guy Briggs @ 2021-03-11 16:40 UTC (permalink / raw) To: Linux-Audit Mailing List, LKML; +Cc: Richard Guy Briggs, Eric Paris Describe the /proc/PID/loginuid interface in Documentation/ABI/stable that was added 2005-02-01 by commit 1e2d1492e178 ("[PATCH] audit: handle loginuid through proc") Signed-off-by: Richard Guy Briggs <rgb@redhat.com> --- Documentation/ABI/stable/procfs-audit_loginuid | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 Documentation/ABI/stable/procfs-audit_loginuid diff --git a/Documentation/ABI/stable/procfs-audit_loginuid b/Documentation/ABI/stable/procfs-audit_loginuid new file mode 100664 index 000000000000..fae63bef2970 --- /dev/null +++ b/Documentation/ABI/stable/procfs-audit_loginuid @@ -0,0 +1,15 @@ +What: Audit Login UID +Date: 2005-02-01 +KernelVersion: 2.6.11-rc2 1e2d1492e178 ("[PATCH] audit: handle loginuid through proc") +Contact: linux-audit@redhat.com +Format: u32 +Users: auditd, libaudit, audit-testsuite, login +Description: + The /proc/$pid/loginuid pseudofile is written to set and + read to get the audit login UID of process $pid. If it is + unset, permissions are not needed to set it. The accessor must + have CAP_AUDIT_CONTROL in the initial user namespace to write + it if it has been set. It cannot be written again if + AUDIT_FEATURE_LOGINUID_IMMUTABLE is enabled. It cannot be + unset if AUDIT_FEATURE_ONLY_UNSET_LOGINUID is enabled. + -- 2.27.0 -- Linux-audit mailing list Linux-audit@redhat.com https://listman.redhat.com/mailman/listinfo/linux-audit ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH 1/2] audit: document /proc/PID/loginuid 2021-03-11 16:40 ` [PATCH 1/2] audit: document /proc/PID/loginuid Richard Guy Briggs @ 2021-03-12 19:15 ` Paul Moore 2021-03-17 15:58 ` Richard Guy Briggs 0 siblings, 1 reply; 6+ messages in thread From: Paul Moore @ 2021-03-12 19:15 UTC (permalink / raw) To: Richard Guy Briggs; +Cc: Eric Paris, Linux-Audit Mailing List, LKML On Thu, Mar 11, 2021 at 11:41 AM Richard Guy Briggs <rgb@redhat.com> wrote: > Describe the /proc/PID/loginuid interface in Documentation/ABI/stable that > was added 2005-02-01 by commit 1e2d1492e178 ("[PATCH] audit: handle > loginuid through proc") > > Signed-off-by: Richard Guy Briggs <rgb@redhat.com> > --- > Documentation/ABI/stable/procfs-audit_loginuid | 15 +++++++++++++++ > 1 file changed, 15 insertions(+) > create mode 100644 Documentation/ABI/stable/procfs-audit_loginuid After ~15 years, it might be time ;) > diff --git a/Documentation/ABI/stable/procfs-audit_loginuid b/Documentation/ABI/stable/procfs-audit_loginuid > new file mode 100664 > index 000000000000..fae63bef2970 > --- /dev/null > +++ b/Documentation/ABI/stable/procfs-audit_loginuid > @@ -0,0 +1,15 @@ > +What: Audit Login UID > +Date: 2005-02-01 > +KernelVersion: 2.6.11-rc2 1e2d1492e178 ("[PATCH] audit: handle loginuid through proc") > +Contact: linux-audit@redhat.com > +Format: u32 I haven't applied the patch, but I'm going to assume that the "u32" lines up correctly with the rest of the entries, right? > +Users: auditd, libaudit, audit-testsuite, login I think these entries are a bit too specific as I expect the kernel to outlive most userspace libraries and applications. I would suggest "audit and login applications" or something similar. > +Description: > + The /proc/$pid/loginuid pseudofile is written to set and I'm really in no position to critique someone's English grammar, but if we're talking about changes I might add a comma after "set", "... is written to set, and read to get ...". > + read to get the audit login UID of process $pid. If it is > + unset, permissions are not needed to set it. The accessor must > + have CAP_AUDIT_CONTROL in the initial user namespace to write > + it if it has been set. It cannot be written again if > + AUDIT_FEATURE_LOGINUID_IMMUTABLE is enabled. It cannot be > + unset if AUDIT_FEATURE_ONLY_UNSET_LOGINUID is enabled. -- paul moore www.paul-moore.com -- Linux-audit mailing list Linux-audit@redhat.com https://listman.redhat.com/mailman/listinfo/linux-audit ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 1/2] audit: document /proc/PID/loginuid 2021-03-12 19:15 ` Paul Moore @ 2021-03-17 15:58 ` Richard Guy Briggs 0 siblings, 0 replies; 6+ messages in thread From: Richard Guy Briggs @ 2021-03-17 15:58 UTC (permalink / raw) To: Paul Moore; +Cc: Eric Paris, Linux-Audit Mailing List, LKML On 2021-03-12 14:15, Paul Moore wrote: > On Thu, Mar 11, 2021 at 11:41 AM Richard Guy Briggs <rgb@redhat.com> wrote: > > Describe the /proc/PID/loginuid interface in Documentation/ABI/stable that > > was added 2005-02-01 by commit 1e2d1492e178 ("[PATCH] audit: handle > > loginuid through proc") > > > > Signed-off-by: Richard Guy Briggs <rgb@redhat.com> > > --- > > Documentation/ABI/stable/procfs-audit_loginuid | 15 +++++++++++++++ > > 1 file changed, 15 insertions(+) > > create mode 100644 Documentation/ABI/stable/procfs-audit_loginuid > > After ~15 years, it might be time ;) > > > diff --git a/Documentation/ABI/stable/procfs-audit_loginuid b/Documentation/ABI/stable/procfs-audit_loginuid > > new file mode 100664 > > index 000000000000..fae63bef2970 > > --- /dev/null > > +++ b/Documentation/ABI/stable/procfs-audit_loginuid > > @@ -0,0 +1,15 @@ > > +What: Audit Login UID > > +Date: 2005-02-01 > > +KernelVersion: 2.6.11-rc2 1e2d1492e178 ("[PATCH] audit: handle loginuid through proc") > > +Contact: linux-audit@redhat.com > > +Format: u32 > > I haven't applied the patch, but I'm going to assume that the "u32" > lines up correctly with the rest of the entries, right? Yes, they do. I'm wondering if they should read instead "%u" since the internal kernel representation isn't as important as what format (number base) is expected and presented. > > +Users: auditd, libaudit, audit-testsuite, login > > I think these entries are a bit too specific as I expect the kernel to > outlive most userspace libraries and applications. I would suggest > "audit and login applications" or something similar. In other examples, users range from a description to an email address, to a URI, to a repository name or address, to a package name, to specific files. I'd prefer to be as specific as reasonably possible without going into gory detail. > > +Description: > > + The /proc/$pid/loginuid pseudofile is written to set and > > I'm really in no position to critique someone's English grammar, but > if we're talking about changes I might add a comma after "set", "... > is written to set, and read to get ...". This would be the Oxford comma debate, and has a sronger preference by USA-ians that Brits. It can help disambiguate meaning in a list of three or more items. > > + read to get the audit login UID of process $pid. If it is > > + unset, permissions are not needed to set it. The accessor must > > + have CAP_AUDIT_CONTROL in the initial user namespace to write > > + it if it has been set. It cannot be written again if > > + AUDIT_FEATURE_LOGINUID_IMMUTABLE is enabled. It cannot be > > + unset if AUDIT_FEATURE_ONLY_UNSET_LOGINUID is enabled. > > paul moore - RGB -- Richard Guy Briggs <rgb@redhat.com> Sr. S/W Engineer, Kernel Security, Base Operating Systems Remote, Ottawa, Red Hat Canada IRC: rgb, SunRaycer Voice: +1.647.777.2635, Internal: (81) 32635 -- Linux-audit mailing list Linux-audit@redhat.com https://listman.redhat.com/mailman/listinfo/linux-audit ^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH 2/2] audit: document /proc/PID/sessionid 2021-03-11 16:40 [PATCH 0/2] audit: add documentation for /proc/PID/stable interfaces Richard Guy Briggs 2021-03-11 16:40 ` [PATCH 1/2] audit: document /proc/PID/loginuid Richard Guy Briggs @ 2021-03-11 16:40 ` Richard Guy Briggs 2021-03-12 19:17 ` Paul Moore 1 sibling, 1 reply; 6+ messages in thread From: Richard Guy Briggs @ 2021-03-11 16:40 UTC (permalink / raw) To: Linux-Audit Mailing List, LKML; +Cc: Richard Guy Briggs, Eric Paris Describe the /proc/PID/loginuid interface in Documentation/ABI/stable that was added 2008-03-13 in commit 1e0bd7550ea9 ("[PATCH] export sessionid alongside the loginuid in procfs") Signed-off-by: Richard Guy Briggs <rgb@redhat.com> --- Documentation/ABI/stable/procfs-audit_loginuid | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/Documentation/ABI/stable/procfs-audit_loginuid b/Documentation/ABI/stable/procfs-audit_loginuid index fae63bef2970..175ee6ec3695 100644 --- a/Documentation/ABI/stable/procfs-audit_loginuid +++ b/Documentation/ABI/stable/procfs-audit_loginuid @@ -13,3 +13,15 @@ Description: AUDIT_FEATURE_LOGINUID_IMMUTABLE is enabled. It cannot be unset if AUDIT_FEATURE_ONLY_UNSET_LOGINUID is enabled. + +What: Audit Login Session ID +Date: 2008-03-13 +KernelVersion: 2.6.25-rc7 1e0bd7550ea9 ("[PATCH] export sessionid alongside the loginuid in procfs") +Contact: linux-audit@redhat.com +Format: u32 +Users: auditd, libaudit, audit-testsuite, login +Description: + The /proc/$pid/sessionid pseudofile is read to get the + audit login session ID of process $pid. It is set + automatically, serially assigned with each new login. + -- 2.27.0 -- Linux-audit mailing list Linux-audit@redhat.com https://listman.redhat.com/mailman/listinfo/linux-audit ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH 2/2] audit: document /proc/PID/sessionid 2021-03-11 16:40 ` [PATCH 2/2] audit: document /proc/PID/sessionid Richard Guy Briggs @ 2021-03-12 19:17 ` Paul Moore 0 siblings, 0 replies; 6+ messages in thread From: Paul Moore @ 2021-03-12 19:17 UTC (permalink / raw) To: Richard Guy Briggs; +Cc: Eric Paris, Linux-Audit Mailing List, LKML On Thu, Mar 11, 2021 at 11:41 AM Richard Guy Briggs <rgb@redhat.com> wrote: > > Describe the /proc/PID/loginuid interface in Documentation/ABI/stable that > was added 2008-03-13 in commit 1e0bd7550ea9 ("[PATCH] export sessionid > alongside the loginuid in procfs") > > Signed-off-by: Richard Guy Briggs <rgb@redhat.com> > --- > Documentation/ABI/stable/procfs-audit_loginuid | 12 ++++++++++++ > 1 file changed, 12 insertions(+) > > diff --git a/Documentation/ABI/stable/procfs-audit_loginuid b/Documentation/ABI/stable/procfs-audit_loginuid > index fae63bef2970..175ee6ec3695 100644 > --- a/Documentation/ABI/stable/procfs-audit_loginuid > +++ b/Documentation/ABI/stable/procfs-audit_loginuid > @@ -13,3 +13,15 @@ Description: > AUDIT_FEATURE_LOGINUID_IMMUTABLE is enabled. It cannot be > unset if AUDIT_FEATURE_ONLY_UNSET_LOGINUID is enabled. > > + > +What: Audit Login Session ID > +Date: 2008-03-13 > +KernelVersion: 2.6.25-rc7 1e0bd7550ea9 ("[PATCH] export sessionid alongside the loginuid in procfs") > +Contact: linux-audit@redhat.com > +Format: u32 > +Users: auditd, libaudit, audit-testsuite, login This should be obvious, but just to be safe - my comment from patch 1/2 also applies here. > +Description: > + The /proc/$pid/sessionid pseudofile is read to get the > + audit login session ID of process $pid. It is set > + automatically, serially assigned with each new login. -- paul moore www.paul-moore.com -- Linux-audit mailing list Linux-audit@redhat.com https://listman.redhat.com/mailman/listinfo/linux-audit ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2021-03-17 15:58 UTC | newest] Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2021-03-11 16:40 [PATCH 0/2] audit: add documentation for /proc/PID/stable interfaces Richard Guy Briggs 2021-03-11 16:40 ` [PATCH 1/2] audit: document /proc/PID/loginuid Richard Guy Briggs 2021-03-12 19:15 ` Paul Moore 2021-03-17 15:58 ` Richard Guy Briggs 2021-03-11 16:40 ` [PATCH 2/2] audit: document /proc/PID/sessionid Richard Guy Briggs 2021-03-12 19:17 ` Paul Moore
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).