[PATCH 1/3] kernel/audit: consolidate handling of mm->exe_file

2015-02-18 Thread Davidlohr Bueso
From: Davidlohr Bueso This patch adds a audit_log_d_path_exe() helper function to share how we handle auditing of the exe_file's path. Used by both audit and auditsc. No functionality is changed. Cc: Paul Moore Cc: Eric Paris Cc: linux-audit@redhat.com Signed-off-by: Davidlohr Bueso --- Comp

[PATCH 2/3] kernel/audit: robustify handling of mm->exe_file

2015-02-18 Thread Davidlohr Bueso
From: Davidlohr Bueso The mm->exe_file is currently serialized with mmap_sem (shared) in order to both safely (1) read the file and (2) audit it via audit_log_d_path(). Good users will, on the other hand, make use of the more standard get_mm_exe_file(), requiring only holding the mmap_sem to read

Re: Linux audit performance impact

2015-02-18 Thread Paul Moore
On Wed, Feb 18, 2015 at 5:32 PM, Richard Guy Briggs wrote: > On 15/02/18, Paul Moore wrote: >> I would imagine a scenario where we introduced the new format in stages: >> >> #1 - Move in-kernel audit record string generation completely into >> kernel/audit*.c. Benefits everyone regardless of the

Re: [PATCH 1/3] kernel/audit: consolidate handling of mm->exe_file

2015-02-18 Thread Paul Moore
On Wed, Feb 18, 2015 at 7:10 PM, Davidlohr Bueso wrote: > From: Davidlohr Bueso > > This patch adds a audit_log_d_path_exe() helper function > to share how we handle auditing of the exe_file's path. > Used by both audit and auditsc. No functionality is changed. > > Cc: Paul Moore > Cc: Eric Pari

Re: Linux audit performance impact

2015-02-18 Thread Richard Guy Briggs
On 15/02/18, Paul Moore wrote: > On Wed, Feb 18, 2015 at 4:13 PM, Richard Guy Briggs wrote: > > On 15/02/17, Viswanath, Logeswari P (MCOU OSTL) wrote: > >> I agree that changing the formatting of the records could break the > >> existing applications > >> that consume them, and I didn't mean chan

Re: Linux audit performance impact

2015-02-18 Thread Paul Moore
On Wed, Feb 18, 2015 at 4:13 PM, Richard Guy Briggs wrote: > On 15/02/17, Viswanath, Logeswari P (MCOU OSTL) wrote: >> I agree that changing the formatting of the records could break the existing >> applications >> that consume them, and I didn't mean changing or eliminating of the >> formatting

Re: Linux audit performance impact

2015-02-18 Thread Satish Chandra Kilaru
HI Why/How will the user space tools switch over if the kernel does not support raw mode? Isn't it a chicken&egg issue? --Satish On Wed, Feb 18, 2015 at 4:13 PM, Richard Guy Briggs wrote: > On 15/02/17, Viswanath, Logeswari P (MCOU OSTL) wrote: > > I agree that changing the formatting of the r

Re: Linux audit performance impact

2015-02-18 Thread Richard Guy Briggs
On 15/02/17, Viswanath, Logeswari P (MCOU OSTL) wrote: > I agree that changing the formatting of the records could break the existing > applications > that consume them, and I didn't mean changing or eliminating of the > formatting completely. > We agree that formatting is required for logging th