From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 784BFC433FE for ; Thu, 14 Oct 2021 07:53:37 +0000 (UTC) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 14D4E61019 for ; Thu, 14 Oct 2021 07:53:36 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 14D4E61019 Authentication-Results: mail.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=redhat.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1634198016; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=rRkCPXkFdJ54y5r38Cd6BwAlfCWbeehayPRjNwfXxzk=; b=dTIx0Y0zBIwM2rbmkYcKnlplSkM3MkKD3m4vAWxj2U1zCgZhwN072v6K9FSXQ94WTj9S4B nBTaKooxI+4v0M8jrG/ZKUAqNuUWJZEwlpA4PEcX8pZiZPaBiBg3psVRzfv68ZIJ+hF7oy qY0v8CWfQ5MR+S+GlUtK3BewXTYpMpI= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-511-0l3uHOAOMPGFa--Y3fHOog-1; Thu, 14 Oct 2021 03:53:32 -0400 X-MC-Unique: 0l3uHOAOMPGFa--Y3fHOog-1 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 5228C10A8E01; Thu, 14 Oct 2021 07:53:28 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 381CB694B5; Thu, 14 Oct 2021 07:53:28 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 07FBD1806D02; Thu, 14 Oct 2021 07:53:28 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 19DK345M023029 for ; Wed, 13 Oct 2021 16:03:04 -0400 Received: by smtp.corp.redhat.com (Postfix) id D0CDC7086C; Wed, 13 Oct 2021 20:03:04 +0000 (UTC) Received: from x2.localnet (unknown [10.22.33.236]) by smtp.corp.redhat.com (Postfix) with ESMTP id 330135BAFB; Wed, 13 Oct 2021 20:02:32 +0000 (UTC) From: Steve Grubb To: corbet@lwn.net, axboe@kernel.dk, agk@redhat.com, snitzer@redhat.com, ebiggers@kernel.org, tytso@mit.edu, paul@paul-moore.com, eparis@redhat.com, jmorris@namei.org, serge@hallyn.com, linux-audit@redhat.com Date: Wed, 13 Oct 2021 16:02:30 -0400 Message-ID: <2159283.iZASKD2KPV@x2> Organization: Red Hat In-Reply-To: <1634151995-16266-8-git-send-email-deven.desai@linux.microsoft.com> References: <1634151995-16266-1-git-send-email-deven.desai@linux.microsoft.com> <1634151995-16266-8-git-send-email-deven.desai@linux.microsoft.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-loop: dm-devel@redhat.com X-Mailman-Approved-At: Thu, 14 Oct 2021 03:53:04 -0400 Cc: linux-fscrypt@vger.kernel.org, dm-devel@redhat.com, jannh@google.com, deven.desai@linux.microsoft.com, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-block@vger.kernel.org, linux-security-module@vger.kernel.org, linux-audit@redhat.com Subject: Re: [dm-devel] [RFC PATCH v7 07/16] ipe: add auditing support X-BeenThere: dm-devel@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: device-mapper development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: dm-devel-bounces@redhat.com Errors-To: dm-devel-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=dm-devel-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Hello, On Wednesday, October 13, 2021 3:06:26 PM EDT deven.desai@linux.microsoft.com wrote: > Users of IPE require a way to identify when and why an operation fails, > allowing them to both respond to violations of policy and be notified > of potentially malicious actions on their systens with respect to IPE > itself. Would you mind sending examples of audit events so that we can see what the end result is? Some people add them to the commit text. But we still need to see what they look like. Thanks, -Steve -- dm-devel mailing list dm-devel@redhat.com https://listman.redhat.com/mailman/listinfo/dm-devel From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id DA18BC433FE for ; Wed, 13 Oct 2021 20:07:28 +0000 (UTC) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 5A37860E78 for ; Wed, 13 Oct 2021 20:07:28 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 5A37860E78 Authentication-Results: mail.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=redhat.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1634155647; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=8zc4JI2Fk+sY1kms4wbs6sZ9w/lOficgiwaDMg8pm/g=; b=FYo6irkKAvBa/Z/7GG08JdwOU5DX4kRNAy2iaE0x7l72NsdWvVsI6e9OBRGpQO6/mzqZvm DDl5vDHhQyFiRd9v+1QF3IlThA9hu18Viypo/u4eOC6clEyoFOeXn/pw+FY869lwX9ZqBz e5+EFXfLbvbe/xrgoZVwYHEIU1dNHwU= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-590-5UydmYLKMWyfxrfsMBfCSg-1; Wed, 13 Oct 2021 16:07:23 -0400 X-MC-Unique: 5UydmYLKMWyfxrfsMBfCSg-1 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id E154C801ADA; Wed, 13 Oct 2021 20:07:18 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id A538360CA1; Wed, 13 Oct 2021 20:07:18 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id BE7D44A703; Wed, 13 Oct 2021 20:07:17 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 19DK34FI023028 for ; Wed, 13 Oct 2021 16:03:04 -0400 Received: by smtp.corp.redhat.com (Postfix) id D06811B480; Wed, 13 Oct 2021 20:03:04 +0000 (UTC) Received: from x2.localnet (unknown [10.22.33.236]) by smtp.corp.redhat.com (Postfix) with ESMTP id 330135BAFB; Wed, 13 Oct 2021 20:02:32 +0000 (UTC) From: Steve Grubb To: corbet@lwn.net, axboe@kernel.dk, agk@redhat.com, snitzer@redhat.com, ebiggers@kernel.org, tytso@mit.edu, paul@paul-moore.com, eparis@redhat.com, jmorris@namei.org, serge@hallyn.com, linux-audit@redhat.com Subject: Re: [RFC PATCH v7 07/16] ipe: add auditing support Date: Wed, 13 Oct 2021 16:02:30 -0400 Message-ID: <2159283.iZASKD2KPV@x2> Organization: Red Hat In-Reply-To: <1634151995-16266-8-git-send-email-deven.desai@linux.microsoft.com> References: <1634151995-16266-1-git-send-email-deven.desai@linux.microsoft.com> <1634151995-16266-8-git-send-email-deven.desai@linux.microsoft.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-loop: linux-audit@redhat.com X-Mailman-Approved-At: Wed, 13 Oct 2021 16:07:15 -0400 Cc: linux-fscrypt@vger.kernel.org, dm-devel@redhat.com, jannh@google.com, deven.desai@linux.microsoft.com, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-block@vger.kernel.org, linux-security-module@vger.kernel.org, linux-audit@redhat.com X-BeenThere: linux-audit@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Linux Audit Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=linux-audit-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Hello, On Wednesday, October 13, 2021 3:06:26 PM EDT deven.desai@linux.microsoft.com wrote: > Users of IPE require a way to identify when and why an operation fails, > allowing them to both respond to violations of policy and be notified > of potentially malicious actions on their systens with respect to IPE > itself. Would you mind sending examples of audit events so that we can see what the end result is? Some people add them to the commit text. But we still need to see what they look like. Thanks, -Steve -- Linux-audit mailing list Linux-audit@redhat.com https://listman.redhat.com/mailman/listinfo/linux-audit From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id D227CC433F5 for ; Wed, 13 Oct 2021 20:03:14 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id B4C9E60E0B for ; Wed, 13 Oct 2021 20:03:14 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231657AbhJMUFR (ORCPT ); Wed, 13 Oct 2021 16:05:17 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]:58317 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231639AbhJMUFQ (ORCPT ); Wed, 13 Oct 2021 16:05:16 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1634155392; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=hhdJcjen3v6j5NvKxp+J2wwagi0CnajVx1UoxFM+giI=; b=DnpuVlqXK5Q6QbKidRHSG2ctbkHZDsvD+LG2N3GG69nAOZ9oDvTOKsm+0pUKS94Rdbla/O 2uR5TNWjzLd6x/RQ9K/11MB8NGjgmtttrDaHsU6oFYbZoGnupPeT8xnlxLMW1KBQS3DcHp SEA2nGd6VgKJX51hb4N/9jjMdqqboyQ= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-118-2vNBfazkO4WqK0T5L2x5ww-1; Wed, 13 Oct 2021 16:03:07 -0400 X-MC-Unique: 2vNBfazkO4WqK0T5L2x5ww-1 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id D26091006AB1; Wed, 13 Oct 2021 20:03:04 +0000 (UTC) Received: from x2.localnet (unknown [10.22.33.236]) by smtp.corp.redhat.com (Postfix) with ESMTP id 330135BAFB; Wed, 13 Oct 2021 20:02:32 +0000 (UTC) From: Steve Grubb To: corbet@lwn.net, axboe@kernel.dk, agk@redhat.com, snitzer@redhat.com, ebiggers@kernel.org, tytso@mit.edu, paul@paul-moore.com, eparis@redhat.com, jmorris@namei.org, serge@hallyn.com, linux-audit@redhat.com Cc: linux-security-module@vger.kernel.org, linux-doc@vger.kernel.org, jannh@google.com, linux-fscrypt@vger.kernel.org, linux-kernel@vger.kernel.org, linux-block@vger.kernel.org, dm-devel@redhat.com, linux-audit@redhat.com, deven.desai@linux.microsoft.com Subject: Re: [RFC PATCH v7 07/16] ipe: add auditing support Date: Wed, 13 Oct 2021 16:02:30 -0400 Message-ID: <2159283.iZASKD2KPV@x2> Organization: Red Hat In-Reply-To: <1634151995-16266-8-git-send-email-deven.desai@linux.microsoft.com> References: <1634151995-16266-1-git-send-email-deven.desai@linux.microsoft.com> <1634151995-16266-8-git-send-email-deven.desai@linux.microsoft.com> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 Precedence: bulk List-ID: X-Mailing-List: linux-block@vger.kernel.org Hello, On Wednesday, October 13, 2021 3:06:26 PM EDT deven.desai@linux.microsoft.com wrote: > Users of IPE require a way to identify when and why an operation fails, > allowing them to both respond to violations of policy and be notified > of potentially malicious actions on their systens with respect to IPE > itself. Would you mind sending examples of audit events so that we can see what the end result is? Some people add them to the commit text. But we still need to see what they look like. Thanks, -Steve