From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.8 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_HELO_NONE, SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7682EC33CB6 for ; Wed, 22 Jan 2020 21:29:38 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 46D3D24673 for ; Wed, 22 Jan 2020 21:29:38 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=paul-moore-com.20150623.gappssmtp.com header.i=@paul-moore-com.20150623.gappssmtp.com header.b="VJNm7ixV" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729427AbgAVV3g (ORCPT ); Wed, 22 Jan 2020 16:29:36 -0500 Received: from mail-lf1-f68.google.com ([209.85.167.68]:35712 "EHLO mail-lf1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729396AbgAVV3g (ORCPT ); Wed, 22 Jan 2020 16:29:36 -0500 Received: by mail-lf1-f68.google.com with SMTP id z18so744699lfe.2 for ; Wed, 22 Jan 2020 13:29:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=T8dyZsx/1G1o4Km+D3AEjaFYjcDXoKwu76FXwqPPMog=; b=VJNm7ixVgyAguIeuR1pIXq0hv6ch7qgz5+W7axDIdGlhCNwpeyNJplyxY1npsTRa4q 3AvFO2bN5r9I/mbrHMKFriPmjMXEUWYzS+PN/eLwCoaJhzX3jbPQJyRrX+O6IifhmS4t bAW5ztBvjxYTbpp9vIw4qcfvCMDSpuT8XuKqnlkWEusBikGN7eK6zxIwb+ANo0MusAUH y+2kEafA7mRzCvr0s6iDXqOBMqy0gyMtoVIoPF3UpKq+lYrO5MoIoGFloRBeyZfAnJAY cqsdx7KP8XS8YRJxgBSf+GmUDq5DSAoNnh1r2nnWw3k0ufdHWJw6q2xH0VYZhZTHi5df rQRQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=T8dyZsx/1G1o4Km+D3AEjaFYjcDXoKwu76FXwqPPMog=; b=k5yInQy1hZXR2PzNZy3VZX1k8IsUEF1WaGpU7nvvzCjnvxmDlsAJnJ2JjqFJWTycof 6XCVup4VCQx/HNR9Os+XV+P9VL7W4y/ABDesdrMnE6k6nzgcSSX61oP17SM21y+HDLKA gbmCoNzQPPPd8Ny3CnlbeHect830jdc0XXRrV0pet+dZ9jHmAT17YMhIJv3SBZuIbui4 1Hjk/91p8XKg1fl/9jdt8wmjcoI9DjHc2F/9ikqd1rxQpxX19JSsfSGjDRojEX+bVE98 7bF+2fO7yMyNSH8cpKI46kaCawZwRgmlVdli2V+ayDnx5VOeEVjQyDpnkb4YEp0lDsfm +cIw== X-Gm-Message-State: APjAAAXpgD56Exe/46Z8fiAR/z60KgZ5bYnlo9am1P/6oNQybrMzYUFw zLJfAc+kSx2A4dXbFBAeIyKfssbbQ8c1XUN8Bl3k X-Google-Smtp-Source: APXvYqz71TZIg9MpEPSBX37Fh9pYf3NdlS4RNWJNnf5mBSZhvbWQtLxCouQ51G9Z/+VOzq252Xo+mwvfcQY+/hQ0B1U= X-Received: by 2002:ac2:4422:: with SMTP id w2mr2853088lfl.178.1579728573496; Wed, 22 Jan 2020 13:29:33 -0800 (PST) MIME-Version: 1.0 References: <28cf3e16f8440bcb852767d3ae13e1a56c19569c.1577736799.git.rgb@redhat.com> In-Reply-To: <28cf3e16f8440bcb852767d3ae13e1a56c19569c.1577736799.git.rgb@redhat.com> From: Paul Moore Date: Wed, 22 Jan 2020 16:29:22 -0500 Message-ID: Subject: Re: [PATCH ghak90 V8 14/16] audit: check contid depth and add limit config param To: Richard Guy Briggs Cc: containers@lists.linux-foundation.org, linux-api@vger.kernel.org, Linux-Audit Mailing List , linux-fsdevel@vger.kernel.org, LKML , netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, sgrubb@redhat.com, omosnace@redhat.com, dhowells@redhat.com, simo@redhat.com, Eric Paris , Serge Hallyn , ebiederm@xmission.com, nhorman@tuxdriver.com, Dan Walsh , mpatel@redhat.com Content-Type: text/plain; charset="UTF-8" Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org On Tue, Dec 31, 2019 at 2:51 PM Richard Guy Briggs wrote: > > Clamp the depth of audit container identifier nesting to limit the > netlink and disk bandwidth used and to prevent losing information from > record text size overflow in the contid field. > > Add a configuration parameter AUDIT_STATUS_CONTID_DEPTH_LIMIT (0x80) to > set the audit container identifier depth limit. This can be used to > prevent overflow of the contid field in CONTAINER_OP and CONTAINER_ID > messages, losing information, and to limit bandwidth used by these > messages. > > Signed-off-by: Richard Guy Briggs > --- > include/uapi/linux/audit.h | 2 ++ > kernel/audit.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++ > kernel/audit.h | 2 ++ > 3 files changed, 50 insertions(+) Since setting an audit container ID, and hence acting as an orchestrator and creating a new nested level of audit container IDs, is a privileged operation I think we can equate this to the infamous "shooting oneself in the foot" problem. Let's leave this limitation out of the patchset for now, if it becomes a problem in the future we can consider restricting the nesting depth. -- paul moore www.paul-moore.com