From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1182AC433F5 for ; Mon, 20 Sep 2021 02:49:41 +0000 (UTC) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 8638660F6E for ; Mon, 20 Sep 2021 02:49:40 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 8638660F6E Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=paul-moore.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=redhat.com Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-346-D04ulPTqNoaG6RStVVxdqA-1; Sun, 19 Sep 2021 22:49:38 -0400 X-MC-Unique: D04ulPTqNoaG6RStVVxdqA-1 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 0AC4B1800D41; Mon, 20 Sep 2021 02:49:35 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 1B7DE5D9DC; Mon, 20 Sep 2021 02:49:34 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id A14084E58E; Mon, 20 Sep 2021 02:49:33 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 18K2nV3c023345 for ; Sun, 19 Sep 2021 22:49:31 -0400 Received: by smtp.corp.redhat.com (Postfix) id 287635016D; Mon, 20 Sep 2021 02:49:31 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast04.extmail.prod.ext.rdu2.redhat.com [10.11.55.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 207F150167 for ; Mon, 20 Sep 2021 02:49:27 +0000 (UTC) Received: from us-smtp-1.mimecast.com (us-smtp-1.mimecast.com [205.139.110.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id D68511066559 for ; Mon, 20 Sep 2021 02:49:27 +0000 (UTC) Received: from mail-ed1-f44.google.com (mail-ed1-f44.google.com [209.85.208.44]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-550-M3KFgWSDNYeUTjOZR_bzfA-1; Sun, 19 Sep 2021 22:49:25 -0400 X-MC-Unique: M3KFgWSDNYeUTjOZR_bzfA-1 Received: by mail-ed1-f44.google.com with SMTP id v5so54824013edc.2 for ; Sun, 19 Sep 2021 19:49:25 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=0PP3bc+mj1V45SFNdXYKQe5FNL6cSGV9CSgoKWm4SK8=; b=4SyzsNw1OtMdjwSaOBG92bOhcy91ZTMu/LFvVxaVHlbwYLxekxsc7C2rs2Vv/etWw1 Mghi6YMfp8PPhUD7I6h8tDi/HccvtmVQ2EzjjVxXMTFwCNubdg6QT2nseqCrh7iZpERo QZYjJpbad7xDsSfihe/811t+/Xr+0DJmimNOAm7DPBb77cpHiG0hwOA4r58cp5aTnA5U W5HqeGrgR9nmvdAiC2Fe7dS+mPxA/cnrGK8oWy8RdB+KnHxhMaTMHTl0IRUKwDGQhHgJ +l1+10PPQE2dRPuCqdmBGiZ7mTxxntoX9kXY0+8s2C91CYeMmohBQzXjFxreoyhs2qwr ZAaQ== X-Gm-Message-State: AOAM533vue83dvJv6J4Nn9f8gkjXoy0c/g/rKSVkxZNC5zX3NVd1/4w8 p5hBw8x5W/Ei+cvWBetywUykxbzL8N4YbslJgvAi X-Google-Smtp-Source: ABdhPJypXxL+vQ5ePHV7fGZpHgMBFe/zfZbAaSuCtCNp63BRQj0+oVqEIlD8zVZiGPyLrR7QFTFLq+iYNGmo9mxXnb0= X-Received: by 2002:a50:d805:: with SMTP id o5mr25868291edj.104.1632106164164; Sun, 19 Sep 2021 19:49:24 -0700 (PDT) MIME-Version: 1.0 References: <20210914131516.128823-1-omosnace@redhat.com> In-Reply-To: From: Paul Moore Date: Sun, 19 Sep 2021 22:49:13 -0400 Message-ID: Subject: Re: [PATCH] lsm_audit: avoid overloading the "key" audit field To: Ondrej Mosnacek X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection Definition; Similar Internal Domain=false; Similar Monitored External Domain=false; Custom External Domain=false; Mimecast External Domain=false; Newly Observed Domain=false; Internal User Name=false; Custom Display Name List=false; Reply-to Address Mismatch=false; Targeted Threat Dictionary=false; Mimecast Threat Dictionary=false; Custom Threat Dictionary=false X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5 X-loop: linux-audit@redhat.com Cc: linux-security-module@vger.kernel.org, James Morris , linux-audit@redhat.com X-BeenThere: linux-audit@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Linux Audit Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=linux-audit-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit On Tue, Sep 14, 2021 at 10:49 AM Paul Moore wrote: > > On Tue, Sep 14, 2021 at 9:15 AM Ondrej Mosnacek wrote: > > > > The "key" field is used to associate records with the rule that > > triggered them, os it's not a good idea to overload it with an > > additional IPC key semantic. Moreover, as the classic "key" field is a > > text field, while the IPC key is numeric, AVC records containing the IPC > > key info actually confuse audit userspace, which tries to interpret the > > number as a hex-encoded string, thus showing garbage for example in the > > ausearch "interpret" output mode. > > > > Hence, change it to "ipc_key" to fix both issues and also make the > > meaning of this field more clear. > > > > Signed-off-by: Ondrej Mosnacek > > --- > > security/lsm_audit.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > Seems reasonable to me, I can merge it via the audit/next tree unless > James would prefer to take it via the LSM tree. As this is pretty minor and unlikely to conflict with any LSMs, I've gone ahead and merged this into the audit/next tree. -- paul moore www.paul-moore.com -- Linux-audit mailing list Linux-audit@redhat.com https://listman.redhat.com/mailman/listinfo/linux-audit