From: Stephen Smalley <sds@tycho.nsa.gov>
To: James Morris <jmorris@namei.org>,
Nicholas Franck <nhfran2@tycho.nsa.gov>
Cc: paul@paul-moore.com, selinux@vger.kernel.org,
linux-security-module@vger.kernel.org, luto@amacapital.net,
keescook@chromium.org, serge@hallyn.com,
john.johansen@canonical.com, casey@schaufler-ca.com,
mortonm@chromium.org,
"linux-audit@redhat.com" <linux-audit@redhat.com>
Subject: Re: [RFC PATCH] security, capability: pass object information to security_capable
Date: Fri, 12 Jul 2019 14:02:17 -0400 [thread overview]
Message-ID: <3605eb1a-fb1c-8933-b1e1-a60e54fb1e1c@tycho.nsa.gov> (raw)
In-Reply-To: <alpine.LRH.2.21.1907130347010.1509@namei.org>
On 7/12/19 1:50 PM, James Morris wrote:
> On Fri, 12 Jul 2019, Nicholas Franck wrote:
>
>> + case LSM_AUDIT_DATA_CAP: {
>> + const struct inode *inode;
>> +
>> + if (a->u.cap_struct.cad) {
>> + switch (a->u.cap_struct.cad->type) {
>> + case CAP_AUX_DATA_INODE: {
>> + inode = a->u.cap_struct.cad->u.inode;
>> +
>> + audit_log_format(ab, " dev=");
>> + audit_log_untrustedstring(ab,
>> + inode->i_sb->s_id);
>> + audit_log_format(ab, " ino=%lu",
>> + inode->i_ino);
>> + break;
>> + }
>> + }
>> + }
>> + audit_log_format(ab, " capability=%d ", a->u.cap_struct.cap);
>> break;
>
> Will this break any existing userspace log parsers?
I'm hoping not given that we are only adding auxiliary fields and those
are already defined for other AVC audit messages. ausearch appeared to
work fine. Added the linux-audit mailing list to the cc line to get
their view.
next prev parent reply other threads:[~2019-07-12 18:02 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-12 17:34 [RFC PATCH] security,capability: pass object information to security_capable Nicholas Franck
2019-07-12 17:50 ` James Morris
2019-07-12 18:02 ` Stephen Smalley [this message]
2019-07-15 18:42 ` [RFC PATCH] security, capability: " Richard Guy Briggs
2019-07-12 17:58 ` [RFC PATCH] security,capability: " Casey Schaufler
2019-07-12 18:25 ` [RFC PATCH] security, capability: " Stephen Smalley
2019-07-12 19:54 ` Casey Schaufler
2019-07-12 20:21 ` Stephen Smalley
2019-07-12 22:37 ` Casey Schaufler
2019-07-13 4:35 ` James Morris
2019-07-13 18:46 ` Casey Schaufler
2019-07-13 4:29 ` James Morris
2019-07-16 14:03 ` Serge E. Hallyn
2019-07-16 14:21 ` Andy Lutomirski
2019-07-16 15:03 ` Casey Schaufler
2019-07-16 15:08 ` Stephen Smalley
2019-07-16 14:43 ` Casey Schaufler
2019-07-24 20:12 ` Paul Moore
2019-07-16 14:16 ` [RFC PATCH] security,capability: " Serge E. Hallyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3605eb1a-fb1c-8933-b1e1-a60e54fb1e1c@tycho.nsa.gov \
--to=sds@tycho.nsa.gov \
--cc=casey@schaufler-ca.com \
--cc=jmorris@namei.org \
--cc=john.johansen@canonical.com \
--cc=keescook@chromium.org \
--cc=linux-audit@redhat.com \
--cc=linux-security-module@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=mortonm@chromium.org \
--cc=nhfran2@tycho.nsa.gov \
--cc=paul@paul-moore.com \
--cc=selinux@vger.kernel.org \
--cc=serge@hallyn.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).