From: Richard Weinberger <richard@sigma-star.at>
To: Richard Weinberger <richard@nod.at>, upstream@sigma-star.at
Cc: netfilter-devel@vger.kernel.org, coreteam@netfilter.org,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
pabeni@redhat.com, kuba@kernel.org, edumazet@google.com,
davem@davemloft.net, kadlec@netfilter.org, pablo@netfilter.org,
rgb@redhat.com, upstream+net@sigma-star.at,
audit@vger.kernel.org, linux-security-module@vger.kernel.org,
Paul Moore <paul@paul-moore.com>
Subject: Re: [PATCH] netfilter: Record uid and gid in xt_AUDIT
Date: Thu, 10 Oct 2024 08:24:28 +0200
Message-ID: <4370155.VQJxnDRnGh@somecomputer>
In-Reply-To: <CAHC9VhSbAM3iWxhO+rgJ0d0qOtrSouw0McrjstuP5xQw3=A35Q@mail.gmail.com>
On Thursday, 10 October 2024, 00:02:44 CEST, Paul Moore wrote:
> [CC'ing the audit and LSM lists for obvious reasons]
>
> If we're logging the subjective credentials of the skb's associated
> socket, we really should also log the socket's LSM secctx similar to
> what we do with audit_log_task() and audit_log_task_context().
> Unfortunately, I don't believe we currently have an LSM interface that
> returns the secctx from a sock/socket, although we do have
> security_inode_getsecctx() which *should* yield the same result using
> SOCK_INODE(sk->sk_socket).
Hm, I thought about that but saw 2173c519d5e91 ("audit: normalize NETFILTER_PKT").
It removed usage of audit_log_secctx() and many other, IMHO, useful fields.
What about skb->secctx?
>
> I should also mention that I'm currently reviewing a patchset which is
> going to add proper support for multiple LSMs in audit which will
> likely impact this work.
>
> https://lore.kernel.org/linux-security-module/20241009173222.12219-1-casey@schaufler-ca.com/
Ok!
Thanks,
//richard
--
sigma star gmbh | Eduard-Bodem-Gasse 6, 6020 Innsbruck, AUT
UID/VAT Nr: ATU 66964118 | FN: 374287y