From: Steve Grubb <sgrubb@redhat.com>
To: Paul Moore <paul@paul-moore.com>
Cc: Jan Kara <jack@suse.cz>, Richard Guy Briggs <rgb@redhat.com>,
	Amir Goldstein <amir73il@gmail.com>,
	LKML <linux-kernel@vger.kernel.org>,
	Linux-Audit Mailing List <linux-audit@redhat.com>,
	linux-fsdevel@vger.kernel.org, Eric Paris <eparis@parisplace.org>
Subject: Re: [PATCH v4 3/4] fanotify, audit: Allow audit to use the full permission event response
Date: Thu, 08 Sep 2022 17:14:10 -0400
Message-ID: <2603742.X9hSmTKtgW@x2>
In-Reply-To: <CAHC9VhRLwL6cBSXsZF09HWspeREf_tKxh0QdX1Hki=DPvHv7Vg@mail.gmail.com>

On Wednesday, September 7, 2022 4:23:49 PM EDT Paul Moore wrote:
> On Wed, Sep 7, 2022 at 4:11 PM Steve Grubb <sgrubb@redhat.com> wrote:
> > On Wednesday, September 7, 2022 2:43:54 PM EDT Richard Guy Briggs wrote:
> > > > > Ultimately I guess I'll leave it up to audit subsystem what it wants
> > > > > to have in its struct fanotify_response_info_audit_rule because for
> > > > > fanotify subsystem, it is just an opaque blob it is passing.
> > > > 
> > > > In that case, let's stick with leveraging the type/len fields in the
> > > > fanotify_response_info_header struct, that should give us all the
> > > > flexibility we need.
> > > > 
> > > > > Richard and Steve, it sounds like Steve is already aware of
> > > > > additional information that he wants to send via the
> > > > > fanotify_response_info_audit_rule struct, please include that in the
> > > > > next revision of this patchset.  I don't want to get this merged and
> > > > > then soon after have to hack in additional info.
> > > 
> > > Steve, please define the type and name of this additional field.
> > 
> > Maybe extra_data, app_data, or extra_info. Something generic that can be
> > reused by any application. Default to 0 if not present.
> 
> I think the point is being missed ... The idea is to not speculate on
> additional fields, as discussed we have ways to handle that, the issue
> was that Steve implied that he already had ideas for "things" he
> wanted to add.  If there are "things" that need to be added, let's do
> that now, however if there is just speculation that maybe someday we
> might need to add something else we can leave that until later.

This is not speculation. I know what I want to put there. I know you want to
pin it down to exactly what it is. However, when this started a couple years
back, one of the concerns was that we're building something specific to 1 user
of fanotify. And that it would be better for all future users to have a
generic facility that everyone could use if they wanted to. That's why I'm
suggesting something generic, it's so this is not special purpose that doesn't
fit any other use case.

-Steve
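
The type/len framing and the "default to 0 if not present" behaviour discussed in this message, as an added C example that is not part of the original thread or of the kernel patch. The record layout, the type value 1, the choice to reject unknown types, and the names `info_hdr`, `audit_ctx`, `parse_response_info` and `build_record` are assumptions made for illustration; `extra_data` is one of the field names suggested above.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Assumed layout for illustration only; the thread does not show the fields. */
struct info_hdr { uint8_t type; uint8_t pad; uint16_t len; }; /* len includes header */
#define INFO_AUDIT_RULE 1            /* assumed type value */

struct audit_ctx { uint32_t rule_number; uint32_t extra_data; };

/* Parse type/len records from an untrusted buffer. Returns 0, or -1 if malformed. */
int parse_response_info(const uint8_t *buf, size_t size, struct audit_ctx *out)
{
    size_t off = 0;

    memset(out, 0, sizeof(*out));    /* fields not supplied stay 0 */
    while (off < size) {
        struct info_hdr h;
        size_t plen;

        if (size - off < sizeof(h))
            return -1;               /* truncated header */
        memcpy(&h, buf + off, sizeof(h));
        if (h.len < sizeof(h) || h.len > size - off)
            return -1;               /* len shorter than header or past the buffer */
        plen = h.len - sizeof(h);
        if (h.type != INFO_AUDIT_RULE)
            return -1;               /* strict: reject types this parser does not know */
        if (plen != 4 && plen != 8)
            return -1;               /* only the old and the extended size are valid */
        memcpy(&out->rule_number, buf + off + sizeof(h), 4);
        if (plen == 8)               /* extended record carries the generic field */
            memcpy(&out->extra_data, buf + off + sizeof(h) + 4, 4);
        off += h.len;
    }
    return 0;
}

/* Constructed sample: build one record with n 32-bit values, claiming claimed_len. */
size_t build_record(uint8_t *dst, uint8_t type, uint16_t claimed_len,
                    const uint32_t *vals, size_t n)
{
    struct info_hdr h = { type, 0, claimed_len };

    memcpy(dst, &h, sizeof(h));
    memcpy(dst + sizeof(h), vals, n * 4);
    return sizeof(h) + n * 4;
}
```

An old-size record parses with `extra_data` left at 0, while a record whose `len` claims more bytes than the buffer holds is rejected before any payload is read.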



