Re: [PATCH] lsm_audit: avoid overloading the "key" audit field

2021-09-19 Thread Paul Moore
On Tue, Sep 14, 2021 at 10:49 AM Paul Moore  wrote:
>
> On Tue, Sep 14, 2021 at 9:15 AM Ondrej Mosnacek  wrote:
> >
> > The "key" field is used to associate records with the rule that
> > triggered them, so it's not a good idea to overload it with an
> > additional IPC key semantic. Moreover, as the classic "key" field is a
> > text field, while the IPC key is numeric, AVC records containing the IPC
> > key info actually confuse audit userspace, which tries to interpret the
> > number as a hex-encoded string, thus showing garbage for example in the
> > ausearch "interpret" output mode.
> >
> > Hence, change it to "ipc_key" to fix both issues and also make the
> > meaning of this field more clear.
> >
> > Signed-off-by: Ondrej Mosnacek 
> > ---
> >  security/lsm_audit.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
>
> Seems reasonable to me, I can merge it via the audit/next tree unless
> James would prefer to take it via the LSM tree.

As this is pretty minor and unlikely to conflict with any LSMs, I've
gone ahead and merged this into the audit/next tree.

-- 
paul moore
www.paul-moore.com

--
Linux-audit mailing list
Linux-audit@redhat.com
https://listman.redhat.com/mailman/listinfo/linux-audit
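The interpretation problem the commit message describes, as an added example (not code from the patch, nor from the audit userspace tools): in audit records the rule "key" is an untyped text field, where a quoted value is taken literally and an unquoted value is treated as hex-encoded bytes, so a numeric IPC key printed under the name "key" is hex-decoded into garbage, while the same number under "ipc_key" stays a number. The escaping rule is modelled here as an assumption, and the sample records are constructed for the example.

```python
"""
Added example: a small model of audit-field interpretation showing why
emitting an IPC key as "key=<number>" confuses userspace, and why the
patch's "ipc_key=" name does not.  The quoted-vs-hex rule for the "key"
field is modelled from the commit message, not taken from libaudit.
"""
import re
import string

# Constructed sample records (not captured from a real system).
OLD_AVC = (
    'type=AVC msg=audit(1631634000.123:45): avc:  denied  { associate } '
    'for  pid=1234 comm="shmtool" key=4660 '
    'scontext=unconfined_u:unconfined_r:unconfined_t:s0 '
    'tcontext=system_u:object_r:unlabeled_t:s0 tclass=shm permissive=0'
)
NEW_AVC = OLD_AVC.replace(' key=4660 ', ' ipc_key=4660 ')   # same record after the patch
SYSCALL = (
    'type=SYSCALL msg=audit(1631634000.123:46): arch=c000003e syscall=257 '
    'success=yes exit=3 key="config-change"'
)

# name=value pairs; a value is either a double-quoted string or a run of non-space chars
_FIELD = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
_PRINTABLE = set(string.printable) - set('\t\n\r\x0b\x0c')


def parse_record(line):
    """Split one audit record into a dict of raw (uninterpreted) field values."""
    return {name: value for name, value in _FIELD.findall(line)}


def interpret_key(raw):
    """Interpret the rule-key field (modelled rule): quoted text is literal,
    an unquoted value is assumed to be a hex-encoded byte string."""
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1]
    try:
        decoded = bytes.fromhex(raw).decode('latin-1')
    except ValueError:
        # odd length or non-hex characters: not a valid hex escape at all
        return '(malformed hex: %s)' % raw
    # Unprintable bytes are rendered as '.' here so the garbage stays visible.
    return ''.join(ch if ch in _PRINTABLE else '.' for ch in decoded)


def interpret_field(name, raw):
    """Per-field interpretation; only the two key fields matter for this example."""
    if name == 'key':
        return interpret_key(raw)
    if name == 'ipc_key':
        return int(raw)          # numeric field: no text escaping is applied
    return raw


def interpret_record(line):
    """Parse and interpret every field of one record."""
    return {name: interpret_field(name, raw) for name, raw in parse_record(line).items()}


if __name__ == '__main__':
    for rec in (OLD_AVC, NEW_AVC, SYSCALL):
        fields = interpret_record(rec)
        print({k: v for k, v in fields.items() if k in ('key', 'ipc_key')})
```

Run as a script, the old-style AVC record shows the decimal key 4660 decoded as the two bytes 0x46 0x60 (the text "F`"), the patched record shows ipc_key as the integer 4660, and the SYSCALL record's quoted rule key comes through unchanged, which is the distinction the rename restores.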



Re: [PATCH v4 0/8] Add LSM access controls and auditing to io_uring

2021-09-19 Thread Paul Moore
On Wed, Sep 15, 2021 at 12:49 PM Paul Moore  wrote:
>
> A quick update to the v3 patchset with a small change to the audit
> record format (remove the audit login ID on io_uring records) and
> a subject line fix on the Smack patch.  I also caught a few minor
> things in the code comments and fixed those up.  All told, nothing
> significant but I really dislike merging patches that haven't hit
> the list so here ya go ...
>
> As a reminder, I'm planning to merge these in the selinux/next tree
> later this week and it would be *really* nice to get some ACKs from
> the io_uring folks; this patchset is implementing the ideas we all
> agreed to back in the v1 patchset so there shouldn't be anything
> surprising in here.
>
> For reference the v3 patchset can be found here:
> https://lore.kernel.org/linux-security-module/163159032713.470089.11728103630366176255.stgit@olly/T/#t
>
> Those who would prefer to fetch these patches directly from git can
> do so using the tree/branch below:
> git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git
>  (checkout branch "working-io_uring")
>
> ---
>
> Casey Schaufler (1):
>   Smack: Brutalist io_uring support
>
> Paul Moore (7):
>   audit: prepare audit_context for use in calling contexts beyond syscalls
>   audit,io_uring,io-wq: add some basic audit support to io_uring
>   audit: add filtering for io_uring records
>   fs: add anon_inode_getfile_secure() similar to anon_inode_getfd_secure()
>   io_uring: convert io_uring to the secure anon inode interface
>   lsm,io_uring: add LSM hooks to io_uring
>   selinux: add support for the io_uring access controls
>
>
>  fs/anon_inodes.c|  29 ++
>  fs/io-wq.c  |   4 +
>  fs/io_uring.c   |  69 +++-
>  include/linux/anon_inodes.h |   4 +
>  include/linux/audit.h   |  26 ++
>  include/linux/lsm_hook_defs.h   |   5 +
>  include/linux/lsm_hooks.h   |  13 +
>  include/linux/security.h|  16 +
>  include/uapi/linux/audit.h  |   4 +-
>  kernel/audit.h  |   7 +-
>  kernel/audit_tree.c |   3 +-
>  kernel/audit_watch.c|   3 +-
>  kernel/auditfilter.c|  15 +-
>  kernel/auditsc.c| 469 ++--
>  security/security.c |  12 +
>  security/selinux/hooks.c|  34 ++
>  security/selinux/include/classmap.h |   2 +
>  security/smack/smack_lsm.c  |  46 +++
>  18 files changed, 646 insertions(+), 115 deletions(-)

With no serious objections or outstanding comments, I just merged
these patches into selinux/next.  If anyone has any follow-on patches
please base them against selinux/next, thanks.

-- 
paul moore
www.paul-moore.com
