Date: Fri, 29 Mar 2019 10:49:27 -0400
From: Neil Horman
To: Richard Guy Briggs
Cc: Ondrej Mosnacek, linux-api@vger.kernel.org, containers@lists.linux-foundation.org, LKML, David Howells, Linux-Audit Mailing List, netfilter-devel@vger.kernel.org, "Eric W . Biederman", Simo Sorce, netdev@vger.kernel.org, linux-fsdevel@vger.kernel.org, Eric Paris, "Serge E. Hallyn"
Subject: Re: [PATCH ghak90 V5 09/10] audit: add support for containerid to network namespaces
Message-ID: <20190328112100.GA11558@hmswarspite.think-freely.org>
References: <27473c84a274c64871cfa8e3636deaf05603c978.1552665316.git.rgb@redhat.com> <20190328011202.6raixwzdimn5b4zk@madcap2.tricolour.ca>
In-Reply-To: <20190328011202.6raixwzdimn5b4zk@madcap2.tricolour.ca>

On Wed, Mar 27, 2019 at 09:12:02PM -0400, Richard Guy Briggs wrote:
> On 2019-03-27 23:42, Ondrej Mosnacek wrote:
> > On Fri, Mar 15, 2019 at 7:35 PM Richard Guy Briggs wrote:
> > > Audit events could happen in a network namespace outside of a task
> > > context due to packets received from the net that trigger an auditing
> > > rule prior to being associated with a running task. The network
> > > namespace could be in use by multiple containers by association to the
> > > tasks in that network namespace. We still want a way to attribute
> > > these events to any potential containers. Keep a list per network
> > > namespace to track these audit container identifiers.
> > > > > > Add/increment the audit container identifier on: > > > - initial setting of the audit container identifier via /proc > > > - clone/fork call that inherits an audit container identifier > > > - unshare call that inherits an audit container identifier > > > - setns call that inherits an audit container identifier > > > Delete/decrement the audit container identifier on: > > > - an inherited audit container identifier dropped when child set > > > - process exit > > > - unshare call that drops a net namespace > > > - setns call that drops a net namespace > > > > > > See: https://github.com/linux-audit/audit-kernel/issues/92 > > > See: https://github.com/linux-audit/audit-testsuite/issues/64 > > > See: https://github.com/linux-audit/audit-kernel/wiki/RFE-Audit-Container-ID > > > Signed-off-by: Richard Guy Briggs > > > --- > > > include/linux/audit.h | 19 ++++++++++++ > > > kernel/audit.c | 86 +++++++++++++++++++++++++++++++++++++++++++++++++-- > > > kernel/nsproxy.c | 4 +++ > > > 3 files changed, 106 insertions(+), 3 deletions(-) > > > > > > diff --git a/include/linux/audit.h b/include/linux/audit.h > > > index fa19fa408931..70255c2dfb9f 100644 > > > --- a/include/linux/audit.h > > > +++ b/include/linux/audit.h > > > @@ -27,6 +27,7 @@ > > > #include > > > #include /* LOOKUP_* */ > > > #include > > > +#include > > > > > > #define AUDIT_INO_UNSET ((unsigned long)-1) > > > #define AUDIT_DEV_UNSET ((dev_t)-1) 
> > > @@ -99,6 +100,13 @@ struct audit_task_info { > > > > > > extern struct audit_task_info init_struct_audit; > > > > > > +struct audit_contid { > > > + struct list_head list; > > > + u64 id; > > > + refcount_t refcount; > > > > Hm, since we only ever touch the refcount under a spinlock, I wonder > > if we could just make it a regular unsigned int (we don't need the > > atomicity guarantees). OTOH, refcount_t comes with some extra overflow > > checking, so it's probably better to leave it as is... > > Since the update is done using rcu-safe methods, do we even need the > spin_lock? Neil? Paul? > Yes, we do. Rcu-safe methods only apply to read side operations, we still need traditional mutual exclusion on the write side of the operation. That is to say we need to protect the list against multiple writers at the same time, and for that we need a spin lock. Neil
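Review bot: The `struct audit_contid` introduced in the `@@ -99,6 +100,13 @@` hunk should carry a comment stating its locking rules: which spin lock serialises writers that add to or remove from `list` and change `refcount`, and that readers walk the list under RCU, since this very thread had to ask whether the spin lock is needed at all. Keeping `refcount_t refcount;` rather than a plain `unsigned int` is consistent with Ondrej's point that its overflow checking is worth having even when every update happens under the lock.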
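The locking discipline Neil describes, as an added userspace model that is not code from the patch or the kernel: writers serialise on a spin lock while readers would, in the kernel, walk the list under RCU, and the per-entry count saturates instead of wrapping, which is the refcount_t property Ondrej mentions. The struct layout, function names and the saturation constant are assumptions for illustration.

```c
/* Userspace model of the per-netns audit container id list in this thread
 * (added example, not the patch's code): writers serialise on a spinlock
 * (a C11 atomic_flag here); kernel readers would use rcu_read_lock() instead. */
#include <stdatomic.h>
#include <stdint.h>
#include <stdlib.h>
#define CONTID_SATURATED UINT32_MAX   /* assumed; refcount_t has its own value */
struct contid { struct contid *next; uint64_t id; uint32_t refcount; };
static struct contid *contid_list;    /* list head; modified only under the lock */
static atomic_flag contid_spin = ATOMIC_FLAG_INIT;
static void contid_lock(void)   { while (atomic_flag_test_and_set(&contid_spin)) {} }
static void contid_unlock(void) { atomic_flag_clear(&contid_spin); }

/* Add/increment path (/proc write, clone, unshare, setns). Returns the new
 * count; a saturated count is pinned rather than wrapped back to zero. */
uint32_t contid_get(uint64_t id)
{
    struct contid *c;
    contid_lock();
    for (c = contid_list; c && c->id != id; c = c->next) {}
    if (!c) {                             /* first reference from this netns */
        c = calloc(1, sizeof(*c));
        c->id = id;
        c->next = contid_list;
        contid_list = c;                  /* kernel: list_add_rcu() */
    }
    if (c->refcount != CONTID_SATURATED)
        c->refcount++;
    uint32_t n = c->refcount;
    contid_unlock();
    return n;
}

/* Delete/decrement path (exit, unshare/setns dropping the netns). Returns
 * the remaining count, 0 once the entry is freed, -1 if it was not found. */
int64_t contid_put(uint64_t id)
{
    struct contid **pp = &contid_list, *c;
    int64_t n = -1;
    contid_lock();
    while ((c = *pp) && c->id != id)
        pp = &c->next;
    if (c && c->refcount == CONTID_SATURATED)
        n = CONTID_SATURATED;             /* leak rather than free a live entry */
    else if (c && (n = --c->refcount) == 0) {
        *pp = c->next;                    /* kernel: list_del_rcu() + kfree_rcu() */
        free(c);
    }
    contid_unlock();
    return n;
}
```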