From: Casey Schaufler <casey@schaufler-ca.com>
To: Paul Moore <paul@paul-moore.com>
Cc: John Johansen <john.johansen@canonical.com>,
selinux@vger.kernel.org, jmorris@namei.org,
linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org, linux-audit@redhat.com
Subject: Re: [PATCH v35 23/29] Audit: Create audit_stamp structure
Date: Wed, 27 Apr 2022 13:55:12 -0700 [thread overview]
Message-ID: <8bb21e2c-0c09-86ec-13a7-3e316c145ab7@schaufler-ca.com> (raw)
In-Reply-To: <CAHC9VhQow5MaC0O-YJHxXh_=SR5eo3+97pznVyUq4YhkTuBBmg@mail.gmail.com>
On 4/27/2022 9:02 AM, Paul Moore wrote:
> On Wed, Apr 27, 2022 at 11:49 AM Casey Schaufler <casey@schaufler-ca.com> wrote:
>> On 4/26/2022 12:18 PM, Paul Moore wrote:
>>> On Tue, Apr 26, 2022 at 2:58 PM John Johansen
>>> <john.johansen@canonical.com> wrote:
>>>> On 4/26/22 11:03, Paul Moore wrote:
>>>>> On Mon, Apr 25, 2022 at 7:31 PM John Johansen
>>>>> <john.johansen@canonical.com> wrote:
>>>>>> On 4/18/22 07:59, Casey Schaufler wrote:
>>>>>>> Replace the timestamp and serial number pair used in audit records
>>>>>>> with a structure containing the two elements.
>>>>>>>
>>>>>>> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
>>>>>>> Acked-by: Paul Moore <paul@paul-moore.com>
>>>>>>> ---
>>>>>>> kernel/audit.c | 17 +++++++++--------
>>>>>>> kernel/audit.h | 12 +++++++++---
>>>>>>> kernel/auditsc.c | 22 +++++++++-------------
>>>>>>> 3 files changed, 27 insertions(+), 24 deletions(-)
>>>>> ...
>>>>>
>>>>>>> diff --git a/kernel/audit.h b/kernel/audit.h
>>>>>>> index 4af63e7dde17..260dab6e0e15 100644
>>>>>>> --- a/kernel/audit.h
>>>>>>> +++ b/kernel/audit.h
>>>>>>> @@ -108,10 +114,10 @@ struct audit_context {
>>>>>>> AUDIT_CTX_URING, /* in use by io_uring */
>>>>>>> } context;
>>>>>>> enum audit_state state, current_state;
>>>>>>> + struct audit_stamp stamp; /* event identifier */
>>>>>>> unsigned int serial; /* serial number for record */
>>>>>> shouldn't we be dropping serial from the audit_context, since we have
>>>>>> moved it into the audit_stamp?
>>>>> Unless we make some significant changes to audit_log_start() we still
>>>>> need to preserve a timestamp in the audit_context so that regularly
>>>>> associated audit records can share a common timestamp (which is what
>>>>> groups multiple records into a single "event").
>>>>>
>>>> sure, but the patch changes things to use ctx->stamp.serial instead of
>>>> ctx->serial ...
>>> My apologies, I read your original comment wrong; I was thinking you
>>> were suggesting removing the timestamp info from audit_context in
>>> favor of using the timestamp info contained in the audit_buffer.
>>>
>>> Yes, audit_context:serial is no longer needed with audit_context:stamp.
>> Thank you for catching that. Easy (I expect) fix.
>> BTW, I'm not supposed to be working the next few weeks,
>> but I should be able to sneak v36 in before the next merge
>> window.
> Enjoy the time away :)
>
> FWIW, this isn't my call to make, but I would strongly prefer if this
> got a *full* run in linux-next before it was merged into Linus' tree
> during the merge window. For example, get this into the LSM -next
> tree at -rc1 instead of -rc6.
I am in complete agreement. There's too much Murphy to rush it.
--
Linux-audit mailing list
Linux-audit@redhat.com
https://listman.redhat.com/mailman/listinfo/linux-audit
next prev parent reply other threads:[~2022-04-27 20:55 UTC|newest]
Thread overview: 64+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20220418145945.38797-1-casey.ref@schaufler-ca.com>
2022-04-18 14:59 ` [PATCH v35 00/29] LSM: Module stacking for AppArmor Casey Schaufler
2022-04-18 14:59 ` [PATCH v35 01/29] integrity: disassociate ima_filter_rule from security_audit_rule Casey Schaufler
2022-04-21 16:51 ` John Johansen
2022-04-18 14:59 ` [PATCH v35 02/29] LSM: Infrastructure management of the sock security Casey Schaufler
2022-04-18 14:59 ` [PATCH v35 03/29] LSM: Add the lsmblob data structure Casey Schaufler
2022-04-26 23:15 ` John Johansen
2022-04-18 14:59 ` [PATCH v35 04/29] LSM: provide lsm name and id slot mappings Casey Schaufler
2022-04-21 16:50 ` John Johansen
2022-04-18 14:59 ` [PATCH v35 05/29] IMA: avoid label collisions with stacked LSMs Casey Schaufler
2022-04-21 16:50 ` John Johansen
2022-04-18 14:59 ` [PATCH v35 06/29] LSM: Use lsmblob in security_audit_rule_match Casey Schaufler
2022-04-21 16:49 ` John Johansen
2022-04-18 14:59 ` [PATCH v35 07/29] LSM: Use lsmblob in security_kernel_act_as Casey Schaufler
2022-04-18 14:59 ` [PATCH v35 08/29] LSM: Use lsmblob in security_secctx_to_secid Casey Schaufler
2022-04-27 0:38 ` John Johansen
2022-04-18 14:59 ` [PATCH v35 09/29] LSM: Use lsmblob in security_secid_to_secctx Casey Schaufler
2022-04-18 14:59 ` [PATCH v35 10/29] LSM: Use lsmblob in security_ipc_getsecid Casey Schaufler
2022-04-18 14:59 ` [PATCH v35 11/29] LSM: Use lsmblob in security_current_getsecid Casey Schaufler
2022-04-18 14:59 ` [PATCH v35 12/29] LSM: Use lsmblob in security_inode_getsecid Casey Schaufler
2022-04-18 14:59 ` [PATCH v35 13/29] LSM: Use lsmblob in security_cred_getsecid Casey Schaufler
2022-04-18 18:02 ` kernel test robot
2022-04-19 0:41 ` kernel test robot
2022-04-19 0:51 ` kernel test robot
2022-04-18 14:59 ` [PATCH v35 14/29] LSM: Specify which LSM to display Casey Schaufler
2022-04-18 14:59 ` [PATCH v35 15/29] LSM: Ensure the correct LSM context releaser Casey Schaufler
2022-04-18 14:59 ` [PATCH v35 16/29] LSM: Use lsmcontext in security_secid_to_secctx Casey Schaufler
2022-04-18 14:59 ` [PATCH v35 17/29] LSM: Use lsmcontext in security_inode_getsecctx Casey Schaufler
2022-04-18 14:59 ` [PATCH v35 18/29] LSM: security_secid_to_secctx in netlink netfilter Casey Schaufler
2022-04-18 14:59 ` [PATCH v35 19/29] NET: Store LSM netlabel data in a lsmblob Casey Schaufler
2022-04-18 14:59 ` [PATCH v35 20/29] binder: Pass LSM identifier for confirmation Casey Schaufler
2022-04-18 14:59 ` [PATCH v35 21/29] LSM: Extend security_secid_to_secctx to include module selection Casey Schaufler
2022-04-25 23:32 ` John Johansen
2022-04-18 14:59 ` [PATCH v35 22/29] Audit: Keep multiple LSM data in audit_names Casey Schaufler
2022-04-25 23:32 ` John Johansen
2022-04-26 17:57 ` Paul Moore
2022-04-18 14:59 ` [PATCH v35 23/29] Audit: Create audit_stamp structure Casey Schaufler
2022-04-25 23:31 ` John Johansen
2022-04-26 18:03 ` Paul Moore
2022-04-26 18:58 ` John Johansen
2022-04-26 19:18 ` Paul Moore
2022-04-27 15:49 ` Casey Schaufler
2022-04-27 16:02 ` Paul Moore
2022-04-27 20:55 ` Casey Schaufler [this message]
2022-04-18 14:59 ` [PATCH v35 24/29] LSM: Add a function to report multiple LSMs Casey Schaufler
2022-04-22 16:26 ` Paul Moore
2022-04-25 23:33 ` John Johansen
2022-04-18 14:59 ` [PATCH v35 25/29] Audit: Allow multiple records in an audit_buffer Casey Schaufler
2022-04-22 16:27 ` Paul Moore
2022-04-26 1:06 ` John Johansen
2022-04-26 18:12 ` Paul Moore
2022-04-26 19:01 ` John Johansen
2022-04-18 14:59 ` [PATCH v35 26/29] Audit: Add record for multiple task security contexts Casey Schaufler
2022-04-22 16:28 ` Paul Moore
2022-04-26 1:08 ` John Johansen
2022-04-26 18:15 ` Paul Moore
2022-04-26 19:07 ` John Johansen
2022-04-18 14:59 ` [PATCH v35 27/29] Audit: Add record for multiple object contexts Casey Schaufler
2022-04-22 16:29 ` Paul Moore
2022-04-26 3:37 ` John Johansen
2022-04-26 18:57 ` Paul Moore
2022-04-26 19:24 ` John Johansen
2022-04-18 14:59 ` [PATCH v35 28/29] LSM: Add /proc attr entry for full LSM context Casey Schaufler
2022-04-22 8:37 ` John Johansen
2022-04-18 14:59 ` [PATCH v35 29/29] AppArmor: Remove the exclusive flag Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8bb21e2c-0c09-86ec-13a7-3e316c145ab7@schaufler-ca.com \
--to=casey@schaufler-ca.com \
--cc=jmorris@namei.org \
--cc=john.johansen@canonical.com \
--cc=linux-audit@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).