[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4b21a4f0-4b53-2fee-4ea0-c21b95279b1d@canonical.com>
Date: Tue, 26 Apr 2022 12:07:33 -0700
From: John Johansen <john.johansen@...onical.com>
To: Paul Moore <paul@...l-moore.com>
Cc: Casey Schaufler <casey@...aufler-ca.com>,
casey.schaufler@...el.com, jmorris@...ei.org,
linux-security-module@...r.kernel.org, selinux@...r.kernel.org,
linux-audit@...hat.com, keescook@...omium.org,
penguin-kernel@...ove.sakura.ne.jp, stephen.smalley.work@...il.com,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v35 26/29] Audit: Add record for multiple task security
contexts
On 4/26/22 11:15, Paul Moore wrote:
> On Mon, Apr 25, 2022 at 9:08 PM John Johansen
> <john.johansen@...onical.com> wrote:
>> On 4/18/22 07:59, Casey Schaufler wrote:
>>> Create a new audit record AUDIT_MAC_TASK_CONTEXTS.
>>> An example of the MAC_TASK_CONTEXTS (1420) record is:
>>>
>>> type=MAC_TASK_CONTEXTS[1420]
>>> msg=audit(1600880931.832:113)
>>> subj_apparmor=unconfined
>>> subj_smack=_
>>>
>>> When an audit event includes a AUDIT_MAC_TASK_CONTEXTS record
>>> the "subj=" field in other records in the event will be "subj=?".
>>> An AUDIT_MAC_TASK_CONTEXTS record is supplied when the system has
>>> multiple security modules that may make access decisions based
>>> on a subject security context.
>>>
>>> Functions are created to manage the skb list in the audit_buffer.
>>>
>>> Signed-off-by: Casey Schaufler <casey@...aufler-ca.com>
>>
>> Besides moving the aux fns, and the whining below
>> Reviewed-by: John Johansen <john.johansen@...onical.com>
>
> ...
>
>>> diff --git a/kernel/audit.c b/kernel/audit.c
>>> index 4d44c05053b0..8ed2d717c217 100644
>>> --- a/kernel/audit.c
>>> +++ b/kernel/audit.c
>>> @@ -2185,16 +2238,44 @@ int audit_log_task_context(struct audit_buffer *ab)
>>> if (!lsmblob_is_set(&blob))
>>> return 0;
>>>
>>> - error = security_secid_to_secctx(&blob, &context, LSMBLOB_FIRST);
>>> + if (!lsm_multiple_contexts()) {
>>> + error = security_secid_to_secctx(&blob, &context,
>>> + LSMBLOB_FIRST);
>>> + if (error) {
>>> + if (error != -EINVAL)
>>> + goto error_path;
>>> + return 0;
>>> + }
>>>
>>> - if (error) {
>>> - if (error != -EINVAL)
>>> + audit_log_format(ab, " subj=%s", context.context);
>>> + security_release_secctx(&context);
>>> + } else {
>>> + /* Multiple LSMs provide contexts. Include an aux record. */
>>> + audit_log_format(ab, " subj=?");
>>
>> just me whining, you sure we can't just drop subj= here
>
> Have I recently given you my "the audit code is crap" speech? ;)
>
hehehe, I get it, something about glass houses and stones. the whole newline
mess in path 28/29 that I would dearly love to drop.
> I more or less answered this with my comments on the earlier patch,
> but we need to keep this around for compatibility. It will get better
> in the future.
>
Powered by blists - more mailing lists