Re: [PATCH 02/13] AppArmor: basic auditing infrastructure.

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Eric Paris <eparis@redhat.com>
To: John Johansen <john.johansen@canonical.com>
Cc: Eric Paris <eparis@parisplace.org>,
	linux-kernel@vger.kernel.org,
	linux-security-module@vger.kernel.org
Subject: Re: [PATCH 02/13] AppArmor: basic auditing infrastructure.
Date: Thu, 15 Jul 2010 13:36:15 -0400	[thread overview]
Message-ID: <20100715133615.0a83defa@redhat.com> (raw)
In-Reply-To: <4C3F391E.5060408@canonical.com>

On Thu, 15 Jul 2010 09:36:46 -0700
John Johansen <john.johansen@canonical.com> wrote:

> On 07/15/2010 08:18 AM, Eric Paris wrote:
> > On Wed, Jul 14, 2010 at 8:43 PM, John Johansen
> > <john.johansen@canonical.com> wrote:

> >> +       if (sa->aad.profile) {
> >> +               struct aa_profile *profile = sa->aad.profile;
> >> +               pid_t pid;
> >> +               rcu_read_lock();
> >> +               pid = tsk->real_parent->pid;
> >> +               rcu_read_unlock();
> >> +               audit_log_format(ab, " parent=%d", pid);
> >> +               audit_log_format(ab, " profile=");
> >> +               if (profile->ns != root_ns) {
> >> +                       audit_log_format(ab, ":");
> >> +                       audit_log_untrustedstring(ab,
> >> profile->ns->base.hname);
> >> +                       audit_log_format(ab, "://");
> >> +               }
> >> +               audit_log_untrustedstring(ab, profile->base.hname);
> >> +       }
> > 
> > what does this message look like?  I don't think it fits the nice
> > key=value rules of the audit system....   Are you sure this is what
> > you want?
> >
> it looks like
> profile=:ns_name://profile_name

Actually it would be:

profile=:"ns_name"://"profile_name"

The 'untrustedstring' call is going to add ""  just making sure you are
ok with that.  I guess the audit libs will deal with it ok.

next prev parent reply	other threads:[~2010-07-15 17:36 UTC|newest]

Thread overview: 28+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-07-15  0:43 [AppArmor #5 0/13] AppArmor security module John Johansen
2010-07-15  0:43 ` [PATCH 01/13] AppArmor: misc. base functions and defines John Johansen
2010-07-15  0:43 ` [PATCH 02/13] AppArmor: basic auditing infrastructure John Johansen
2010-07-15 15:18   ` Eric Paris
2010-07-15 16:36     ` John Johansen
2010-07-15 17:36       ` Eric Paris [this message]
2010-07-15 18:07         ` John Johansen
2010-07-15  0:43 ` [PATCH 03/13] AppArmor: contexts used in attaching policy to system objects John Johansen
2010-07-15  0:43 ` [PATCH 04/13] AppArmor: core policy routines John Johansen
2010-07-15 15:33   ` Eric Paris
2010-07-15 16:40     ` John Johansen
2010-07-15  0:43 ` [PATCH 05/13] AppArmor: dfa match engine John Johansen
2010-07-15  0:43 ` [PATCH 06/13] AppArmor: policy routines for loading and unpacking policy John Johansen
2010-07-15  0:43 ` [PATCH 07/13] AppArmor: userspace interfaces John Johansen
2010-07-15  0:43 ` [PATCH 08/13] AppArmor: file enforcement routines John Johansen
2010-07-15  0:43 ` [PATCH 09/13] AppArmor: mediation of non file objects John Johansen
2010-07-15  0:43 ` [PATCH 10/13] AppArmor: domain functions for domain transition John Johansen
2010-07-15  0:43 ` [PATCH 11/13] AppArmor: LSM interface, and security module initialization John Johansen
2010-07-15 17:27   ` Serge E. Hallyn
2010-07-15 18:04     ` John Johansen
2010-07-15  0:43 ` [PATCH 12/13] AppArmor: Enable configuring and building of the AppArmor security module John Johansen
2010-07-15  0:43 ` [PATCH 13/13] AppArmor: update Maintainer and Documentation/kernel-parameters.txt John Johansen
2010-07-15 13:06 ` [AppArmor #5 0/13] AppArmor security module Miklos Szeredi
2010-07-16  5:21   ` Tetsuo Handa
2010-07-16 16:37     ` John Johansen
2010-07-17  7:41       ` Tetsuo Handa
  -- strict thread matches above, loose matches on Subject: below --
2010-07-27  2:57 [AppArmor #6 " John Johansen
2010-07-27  2:57 ` [PATCH 02/13] AppArmor: basic auditing infrastructure John Johansen
2010-07-29 21:47 [AppArmor #7 0/13] AppArmor security module John Johansen
2010-07-29 21:47 ` [PATCH 02/13] AppArmor: basic auditing infrastructure John Johansen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20100715133615.0a83defa@redhat.com \
    --to=eparis@redhat.com \
    --cc=eparis@parisplace.org \
    --cc=john.johansen@canonical.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.