[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20140919033014.GR4462@madcap2.tricolour.ca>
Date: Thu, 18 Sep 2014 23:30:14 -0400
From: Richard Guy Briggs <rgb@...hat.com>
To: Stephen Smalley <sds@...ho.nsa.gov>
Cc: James Morris <jmorris@...ei.org>, Steve Grubb <sgrubb@...hat.com>,
Eric Paris <eparis@...hat.com>,
Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>,
peterz@...radead.org, paulmck@...ux.vnet.ibm.com,
laijs@...fujitsu.com, akpm@...ux-foundation.org, joe@...ches.com,
keescook@...omium.org, geert@...ux-m68k.org, jkosina@...e.cz,
viro@...iv.linux.org.uk, davem@...emloft.net,
linux-kernel@...r.kernel.org, mingo@...e.hu, rostedt@...dmis.org,
tglx@...utronix.de, linux-security-module@...r.kernel.org
Subject: Re: [PATCH] LSM: Pass comm name via get_task_comm() [was: Re:
[PATCH] Change task_struct->comm to use RCU.]
On 14/03/27, Stephen Smalley wrote:
> On 03/27/2014 01:20 PM, Richard Guy Briggs wrote:
> > On 14/03/12, James Morris wrote:
> >> On Tue, 11 Mar 2014, Tetsuo Handa wrote:
> >>
> >>> And the same phrase goes to James Morris...
> >>>
> >>> If you are sure that it is safe to use get_task_comm() from
> >>> dump_common_audit_data() and you prefer locked version, please pick up below
> >>> patch via your git tree.
> >>>
> >>> If you are unsure or prefer lockless version, I'll make a lockless version
> >>> using do_get_task_comm() proposed in this thread.
> >>
> >> If you can't understand whether your patch is correct or not, don't ask me
> >> to apply it to my tree.
> >>
> >> If you're unsure, get it reviewed first.
> >
> > Steve (see https://lkml.org/lkml/2014/3/11/218 ) and James,
> >
> > Are the labels on data output in LSM_AUDIT_DATA_TASK even right? The
> > general case gives pid and comm of current. Then the
> > LSM_AUDIT_DATA_TASK case gives pid and comm from the task handed in in
> > the struct common_audit_data pointer. They are a duplicate of the
> > general case without generating a new message. I expect this will cause
> > ausearch to ignore those latter two fields. Should the latter two be
> > renamed to something like ad_pid= and ad_comm= ?
>
> Hmmm..only seems to be used by Smack.
> SELinux had a tsk field in common_audit_data that was removed by
> b466066. This other tsk field seems to have been added for Smack by
> 6e837fb.
>
> That said, it would be nice to have pid/comm info for the target of a
> signal check as well as current.
Reviving a bit of an old thread...
Probably the appropriate keywords would be opid= and ocomm= for the
target (object).
- RGB
--
Richard Guy Briggs <rbriggs@...hat.com>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists