From mboxrd@z Thu Jan  1 00:00:00 1970
From: Steve Grubb <sgrubb@redhat.com>
Subject: Re: [PATCH 1/1] Fanotify: Introduce a permissive mode
Date: Tue, 15 Aug 2017 12:23:08 -0400
Message-ID: <1667402.zHjUK3v2PR@x2>
References: <3663877.NZSPRKlUQW@x2> <1515035.GaL8l3qfz8@x2> <CAOQ4uxiEbiUVfEgMWmA3uV4y49JVAYykWOBTc1=fA+LqEOm5Kw@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7Bit
Return-path: <linux-fsdevel-owner@vger.kernel.org>
In-Reply-To: <CAOQ4uxiEbiUVfEgMWmA3uV4y49JVAYykWOBTc1=fA+LqEOm5Kw@mail.gmail.com>
Sender: linux-fsdevel-owner@vger.kernel.org
To: Amir Goldstein <amir73il@gmail.com>
Cc: fsdevel <linux-fsdevel@vger.kernel.org>, Linux Audit <linux-audit@redhat.com>, Jan Kara <jack@suse.cz>
List-Id: linux-audit@redhat.com

On Tuesday, August 15, 2017 11:37:19 AM EDT Amir Goldstein wrote:
> > So, there is some utility to having the application stopped so that the
> > daemon can do its checks but then throw away the answer so that more of
> > the policy can be verified.
> > 
> >> *if* at all this method is acceptable overriding access decision should
> >> probably be accompanied with pr_warn_ratelimited and a big warning
> >> for fanotify_init with FAN_CLASS_{,PRE_}CONTENT priority.
> > 
> > I was hoping the audit event was a big enough warning. But something for
> > dmesg/syslog is easy to add.
> 
> No warning is big enough if the change breaks existing apps behavior.
> One of the major flaws in your suggestion is that it changes the behavior
> globally. I think what you want for the debugging use case is to introduce
> a new fanotify_init() flag FAN_PERMISSIVE.
> Your daemon could set the new flag to opt-in for the new behavior, which
> may depend on kernel parameter, or even on sysfs knob if you like.

Thanks for the discussion. I'm self-NAK'ing this for now.

-Steve