From: Paul Moore <paul@paul-moore.com>
To: rgb@redhat.com
Cc: linux-fsdevel@vger.kernel.org, viro@zeniv.linux.org.uk,
linux-kernel@vger.kernel.org, linux-audit@redhat.com,
Eric Paris <eparis@redhat.com>,
sgrubb@redhat.com
Subject: Re: [RFC PATCH ghak100 V1 0/2] audit: avoid umount hangs on missing mount
Date: Wed, 12 Dec 2018 08:03:48 -0500 [thread overview]
Message-ID: <CAHC9VhT8iFLSXJBvocg_aPeveBy0hZ4bxZ547ufbUsTnkONpZg@mail.gmail.com> (raw)
In-Reply-To: <cover.1542149969.git.rgb@redhat.com>
On Fri, Nov 16, 2018 at 12:34 PM Richard Guy Briggs <rgb@redhat.com> wrote:
> On user and remote filesystems, a forced umount can still hang due to
> attemting to fetch the fcaps of a mounted filesystem that is no longer
> available.
>
> These two patches take different approaches to address this, one by
> avoiding the lookup when the MNT_FORCE flag is included, the other by
> providing a method to filter out auditing specified types of filesystems.
>
> This can happen on ceph, cifs, 9p, lustre, fuse (gluster) or NFS.
>
> Arguably the better way to address this issue is to disable auditing
> processes that touch removable filesystems.
> Please see the github issue tracker
> https://github.com/linux-audit/audit-kernel/issues/100
>
> Richard Guy Briggs (2):
> audit: avoid fcaps on MNT_FORCE
> audit: moar filter PATH records keyed on filesystem magic
>
> fs/namei.c | 2 +-
> fs/namespace.c | 3 +++
> include/linux/audit.h | 8 ++++++--
> kernel/audit.c | 5 +++--
> kernel/audit.h | 2 +-
> kernel/auditsc.c | 29 ++++++++++++++++++++++++++---
> 6 files changed, 40 insertions(+), 9 deletions(-)
Just to get this out of the way, don't use "moar", spell it properly.
Beyond that, it's not clear to me from your cover letter if you are
proposing these patches as an "or" or as an "and"; assuming the
patch(es) are reasonable, do you want us to merge both of these
patches, or only the one we like the most?
--
paul moore
www.paul-moore.com
next prev parent reply other threads:[~2018-12-12 13:04 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-16 17:33 [RFC PATCH ghak100 V1 0/2] audit: avoid umount hangs on missing mount Richard Guy Briggs
2018-11-16 17:33 ` [RFC PATCH ghak100 V1 1/2] audit: avoid fcaps on MNT_FORCE Richard Guy Briggs
2018-11-19 12:47 ` Miklos Szeredi
2018-11-19 22:58 ` Richard Guy Briggs
2018-11-20 8:17 ` Miklos Szeredi
2018-11-20 15:48 ` Richard Guy Briggs
2018-11-20 17:31 ` Steve Grubb
2018-11-16 17:33 ` [RFC PATCH ghak100 V1 2/2] audit: moar filter PATH records keyed on filesystem magic Richard Guy Briggs
2018-12-12 13:03 ` Paul Moore [this message]
2018-12-14 16:27 ` [RFC PATCH ghak100 V1 0/2] audit: avoid umount hangs on missing mount Richard Guy Briggs
2018-12-14 22:02 ` Paul Moore
2018-12-14 23:03 ` Richard Guy Briggs
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAHC9VhT8iFLSXJBvocg_aPeveBy0hZ4bxZ547ufbUsTnkONpZg@mail.gmail.com \
--to=paul@paul-moore.com \
--cc=eparis@redhat.com \
--cc=linux-audit@redhat.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=rgb@redhat.com \
--cc=sgrubb@redhat.com \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).