From: Eric Paris <eparis@redhat.com>
To: James Morris <jmorris@namei.org>
Cc: linux-audit@redhat.com, Al Viro <viro@ZenIV.linux.org.uk>,
Al Viro <viro@ftp.linux.org.uk>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH 3/15] sanitize audit_ipc_obj()
Date: Wed, 17 Dec 2008 11:55:28 -0500
Message-ID: <1229532928.3384.3.camel@localhost.localdomain>
In-Reply-To: <alpine.LRH.1.10.0812172047090.24405@tundra.namei.org>

On Wed, 2008-12-17 at 20:53 +1100, James Morris wrote:
> On Wed, 17 Dec 2008, Al Viro wrote:
>
> > On Wed, Dec 17, 2008 at 06:24:40PM +1100, James Morris wrote:
> > > On Wed, 17 Dec 2008, Al Viro wrote:
> > >
> > > > + struct {
> > > > + uid_t uid;
> > > > + gid_t gid;
> > > > + mode_t mode;
> > > > + u32 osid;
> > > > + } ipc;
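Review bot: the `osid` member at the end of the new `ipc` struct carries no comment saying what it identifies, unlike the self-describing `uid`, `gid` and `mode` beside it. A one-line comment on that field stating that it is the security identifier recorded for the IPC object would make the struct readable without chasing its users.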
> > >
> > > 'osid' should be converted into 'secid' someday.
> >
> > Eh? Do you mean the field name there or the actual output? Either is
> > trivial, of course, but the latter is up to userland folks and the
> > former alone seems to be rather pointless...
>
> I was thinking in terms of the kernel API, where 'secid' is the preferred
> name for security identifiers ('sid' being an SELinux-specific term and
> also conflicting with 'session id'). Given that it's exposed to userland,
> I guess it's too late.

James meant just do s/osid/secid/ for continuity across the kernel (we
are trying to make the main kernel a bit more LSM agnostic and sid is an
SELinux term). The userspace exported part is actually a translated
string (I think we use ocontext= and scontext=).

There is no reason we couldn't do this in audit. But, I don't think
it's worth changing this patch, as I think audit refers to it as sid in
other places. Maybe I'll try to clean that up someday. I at least
added it to my "someday" todo list.

-Eric