From: Paul Moore <paul@paul-moore.com>
To: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
Cc: tusharsu@linux.microsoft.com, linux-integrity@vger.kernel.org,
linux-audit@redhat.com, linux-kernel@vger.kernel.org,
Mimi Zohar <zohar@linux.ibm.com>
Subject: Re: [PATCH] IMA: Add log statements for failure conditions
Date: Fri, 5 Jun 2020 16:49:32 -0400 [thread overview]
Message-ID: <CAHC9VhS8gmrWxt75aHAE16PWAay7sUrffZiT0A8VLugwexK4Uw@mail.gmail.com> (raw)
In-Reply-To: <8dfb3fa6-5c1f-d644-7d21-72a9448c52cc@linux.microsoft.com>
On Fri, Jun 5, 2020 at 3:54 PM Lakshmi Ramasubramanian
<nramas@linux.microsoft.com> wrote:
> On 6/5/20 12:37 PM, Paul Moore wrote:
>
> > If it's audit related, it's generally best to CC the linux-audit list,
> > not just me (fixed).
> >
> > It's not clear to me what this pr_err() is trying to indicate other
> > than *something* failed. Can someone provide some more background on
> > this message?
>
> process_buffer_measurement() is currently used to measure
> "kexec command line", "keys", and "blacklist-hash". If there was any
> error in the measurement, this pr_err() will indicate which of the above
> measurement failed and the related error code.
>
> Please let me know if you need more info on this one.
That helps, thank you.
> Since a pr_xyz() call was already present, I just wanted to change the
> log level to keep the code change to the minimum. But if audit log is
> the right approach for this case, I'll update.
Generally we reserve audit for things that are required for various
security certifications and/or "security relevant". From what you
mentioned above, it seems like this would fall into the second
category if not the first.
Looking at your patch it doesn't look like you are trying to record
anything special so you may be able to use the existing
integrity_audit_msg(...) helper. Of course then the question comes
down to the audit record type (the audit_msgno argument), the
operation (op), and the comm/cause (cause).
Do you feel that any of the existing audit record types are a good fit for this?
--
paul moore
www.paul-moore.com
--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
next prev parent reply other threads:[~2020-06-06 0:22 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20200604163243.2575-1-nramas@linux.microsoft.com>
[not found] ` <1591382782.5816.36.camel@linux.ibm.com>
2020-06-05 19:37 ` [PATCH] IMA: Add log statements for failure conditions Paul Moore
2020-06-05 19:54 ` Lakshmi Ramasubramanian
2020-06-05 20:49 ` Paul Moore [this message]
2020-06-05 21:09 ` Lakshmi Ramasubramanian
2020-06-05 21:34 ` Mimi Zohar
2020-06-05 21:36 ` Lakshmi Ramasubramanian
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAHC9VhS8gmrWxt75aHAE16PWAay7sUrffZiT0A8VLugwexK4Uw@mail.gmail.com \
--to=paul@paul-moore.com \
--cc=linux-audit@redhat.com \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=nramas@linux.microsoft.com \
--cc=tusharsu@linux.microsoft.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).