From: Eric Paris <eparis@redhat.com>
To: kernel-hardening@lists.openwall.com
Cc: Andrew Morton <akpm@linux-foundation.org>,
Kees Cook <keescook@chromium.org>,
linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org,
linux-arch@vger.kernel.org, linux-doc@vger.kernel.org,
netdev@vger.kernel.org, x86@kernel.org, arnd@arndb.de,
davem@davemloft.net, hpa@zytor.com, mingo@redhat.com,
oleg@redhat.com, peterz@infradead.org, rdunlap@xenotime.net,
mcgrathr@chromium.org, tglx@linutronix.de, luto@mit.edu,
serge.hallyn@canonical.com, djm@mindrot.org,
scarybeasts@gmail.com, indan@nul.nu, pmoore@redhat.com,
corbet@lwn.net, eric.dumazet@gmail.com, markus@chromium.org,
coreyb@linux.vnet.ibm.com, jmorris@namei.org
Subject: Re: Re: [PATCH v17 09/15] seccomp: remove duplicated failure logging
Date: Mon, 09 Apr 2012 15:33:08 -0400 [thread overview]
Message-ID: <1333999988.14260.9.camel@localhost> (raw)
In-Reply-To: <CABqD9hZVZQXA5cyufwWirWVUYZwSkjRxHR2CBKW5V62qD-DGtA@mail.gmail.com>
On Mon, 2012-04-09 at 14:26 -0500, Will Drewry wrote:
> On Fri, Apr 6, 2012 at 4:14 PM, Andrew Morton <akpm@linux-foundation.org> wrote:
> > On Thu, 29 Mar 2012 15:01:54 -0500
> > Will Drewry <wad@chromium.org> wrote:
> >> -void __audit_seccomp(unsigned long syscall)
> >> +void __audit_seccomp(unsigned long syscall, long signr, int code)
> >> {
> >> struct audit_buffer *ab;
> >>
> >> ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_ANOM_ABEND);
> >> - audit_log_abend(ab, "seccomp", SIGKILL);
> >> + audit_log_abend(ab, "seccomp", signr);
> >> audit_log_format(ab, " syscall=%ld", syscall);
> >> +#ifdef CONFIG_COMPAT
> >> + audit_log_format(ab, " compat=%d", is_compat_task());
> >> +#endif
> >
> > We don't need the ifdef for compilation reasons now.
> >
> > The question is: should we emit the compat= record on
> > non-compat-capable architectures? Doing so would be safer - making it
> > conditional invites people to write x86-only usersapce.
>
> I'd certainly prefer it always being there for exactly that reason.
>
> Kees, Eric, any preferences? Unless I hear one, I'll just drop the
> ifdefs in the next revision.
I'd just leave it in unconditionally. The audit parse libraries would
handle it just fine, but that doesn't mean everyone uses that tool to
parse the text.
-Eric
WARNING: multiple messages have this Message-ID (diff)
From: Eric Paris <eparis@redhat.com>
To: kernel-hardening@lists.openwall.com
Cc: Andrew Morton <akpm@linux-foundation.org>,
Kees Cook <keescook@chromium.org>,
linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org,
linux-arch@vger.kernel.org, linux-doc@vger.kernel.org,
netdev@vger.kernel.org, x86@kernel.org, arnd@arndb.de,
davem@davemloft.net, hpa@zytor.com, mingo@redhat.com,
oleg@redhat.com, peterz@infradead.org, rdunlap@xenotime.net,
mcgrathr@chromium.org, tglx@linutronix.de, luto@mit.edu,
serge.hallyn@canonical.com, djm@mindrot.org,
scarybeasts@gmail.com, indan@nul.nu, pmoore@redhat.com,
corbet@lwn.net, eric.dumazet@gmail.com, markus@chromium.org,
coreyb@linux.vnet.ibm.com, jmorris@namei.org
Subject: Re: [kernel-hardening] Re: [PATCH v17 09/15] seccomp: remove duplicated failure logging
Date: Mon, 09 Apr 2012 15:33:08 -0400 [thread overview]
Message-ID: <1333999988.14260.9.camel@localhost> (raw)
Message-ID: <20120409193308.R5BGf-yH77D3Jcee2QPz9GiEHyiIdWcU6vMTVqdyWpQ@z> (raw)
In-Reply-To: <CABqD9hZVZQXA5cyufwWirWVUYZwSkjRxHR2CBKW5V62qD-DGtA@mail.gmail.com>
On Mon, 2012-04-09 at 14:26 -0500, Will Drewry wrote:
> On Fri, Apr 6, 2012 at 4:14 PM, Andrew Morton <akpm@linux-foundation.org> wrote:
> > On Thu, 29 Mar 2012 15:01:54 -0500
> > Will Drewry <wad@chromium.org> wrote:
> >> -void __audit_seccomp(unsigned long syscall)
> >> +void __audit_seccomp(unsigned long syscall, long signr, int code)
> >> {
> >> struct audit_buffer *ab;
> >>
> >> ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_ANOM_ABEND);
> >> - audit_log_abend(ab, "seccomp", SIGKILL);
> >> + audit_log_abend(ab, "seccomp", signr);
> >> audit_log_format(ab, " syscall=%ld", syscall);
> >> +#ifdef CONFIG_COMPAT
> >> + audit_log_format(ab, " compat=%d", is_compat_task());
> >> +#endif
> >
> > We don't need the ifdef for compilation reasons now.
> >
> > The question is: should we emit the compat= record on
> > non-compat-capable architectures? Doing so would be safer - making it
> > conditional invites people to write x86-only usersapce.
>
> I'd certainly prefer it always being there for exactly that reason.
>
> Kees, Eric, any preferences? Unless I hear one, I'll just drop the
> ifdefs in the next revision.
I'd just leave it in unconditionally. The audit parse libraries would
handle it just fine, but that doesn't mean everyone uses that tool to
parse the text.
-Eric
next prev parent reply other threads:[~2012-04-09 19:33 UTC|newest]
Thread overview: 125+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-03-29 20:01 [PATCH v17 00/15] seccomp_filter: BPF-based syscall filtering Will Drewry
2012-03-29 20:01 ` Will Drewry
2012-03-29 20:01 ` [PATCH v17 01/15] Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs Will Drewry
2012-03-29 20:01 ` Will Drewry
2012-04-06 19:49 ` Andrew Morton
2012-04-06 19:55 ` Andy Lutomirski
2012-04-06 19:55 ` Andy Lutomirski
2012-04-06 20:47 ` Markus Gutschke
2012-04-06 20:47 ` Markus Gutschke
2012-04-06 20:54 ` Andrew Lutomirski
2012-04-06 20:54 ` Andrew Lutomirski
2012-04-06 21:04 ` Markus Gutschke
2012-04-06 21:04 ` Markus Gutschke
2012-04-06 21:15 ` Andrew Lutomirski
2012-04-06 21:15 ` Andrew Lutomirski
2012-04-06 21:32 ` Markus Gutschke
2012-04-06 21:32 ` Markus Gutschke
2012-04-10 19:12 ` Will Drewry
2012-04-10 19:12 ` Will Drewry
[not found] ` <1333051320-30872-2-git-send-email-wad-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org>
2012-04-06 19:55 ` Andrew Morton
2012-04-06 19:55 ` Andrew Morton
2012-04-06 20:01 ` Andrew Lutomirski
2012-04-06 20:01 ` Andrew Lutomirski
2012-04-06 20:28 ` Jonathan Corbet
2012-04-06 20:28 ` Jonathan Corbet
2012-04-06 20:37 ` Andrew Lutomirski
2012-04-11 19:31 ` Michael Kerrisk (man-pages)
2012-04-12 0:15 ` Michael Kerrisk (man-pages)
2012-04-12 0:50 ` Andrew Lutomirski
2012-04-16 19:11 ` Rob Landley
2012-04-16 19:11 ` Rob Landley
2012-04-10 20:37 ` Rob Landley
2012-04-10 20:37 ` Rob Landley
2012-04-10 19:03 ` Will Drewry
2012-04-10 19:03 ` Will Drewry
2012-03-29 20:01 ` [PATCH v17 02/15] Fix apparmor for PR_{GET,SET}_NO_NEW_PRIVS Will Drewry
2012-03-29 20:01 ` Will Drewry
2012-03-29 20:01 ` [PATCH v17 03/15] sk_run_filter: add BPF_S_ANC_SECCOMP_LD_W Will Drewry
2012-03-29 20:01 ` Will Drewry
2012-03-29 20:01 ` [PATCH v17 04/15] net/compat.c,linux/filter.h: share compat_sock_fprog Will Drewry
2012-03-29 20:01 ` Will Drewry
2012-03-29 20:01 ` [PATCH v17 05/15] seccomp: kill the seccomp_t typedef Will Drewry
2012-03-29 20:01 ` Will Drewry
2012-03-29 20:01 ` [PATCH v17 06/15] arch/x86: add syscall_get_arch to syscall.h Will Drewry
2012-03-29 20:01 ` Will Drewry
2012-03-29 20:01 ` [PATCH v17 07/15] asm/syscall.h: add syscall_get_arch Will Drewry
2012-03-29 20:01 ` Will Drewry
2012-04-06 20:05 ` Andrew Morton
2012-04-09 19:24 ` Will Drewry
2012-04-09 19:24 ` Will Drewry
2012-03-29 20:01 ` [PATCH v17 08/15] seccomp: add system call filtering using BPF Will Drewry
2012-03-29 20:01 ` Will Drewry
2012-03-31 4:40 ` Vladimir Murzin
2012-03-31 18:14 ` Will Drewry
2012-03-31 18:14 ` Will Drewry
2012-04-06 20:23 ` Andrew Morton
2012-04-06 20:44 ` Kees Cook
2012-04-06 20:44 ` Kees Cook
2012-04-06 21:05 ` Andrew Morton
2012-04-06 21:06 ` H. Peter Anvin
2012-04-06 21:06 ` H. Peter Anvin
2012-04-06 21:09 ` Andrew Morton
2012-04-06 21:09 ` Andrew Morton
2012-04-08 18:22 ` Indan Zupancic
2012-04-08 18:22 ` Indan Zupancic
2012-04-09 19:59 ` Will Drewry
2012-04-09 19:59 ` Will Drewry
2012-04-10 9:48 ` James Morris
2012-04-10 9:48 ` James Morris
2012-04-10 20:00 ` Andrew Morton
2012-04-10 20:16 ` Will Drewry
2012-04-10 20:16 ` Will Drewry
2012-04-10 10:34 ` Eric Dumazet
2012-04-10 10:34 ` Eric Dumazet
2012-04-10 19:54 ` Andrew Morton
2012-04-10 20:15 ` Will Drewry
2012-04-10 20:15 ` Will Drewry
2012-03-29 20:01 ` [PATCH v17 09/15] seccomp: remove duplicated failure logging Will Drewry
2012-03-29 20:01 ` Will Drewry
2012-04-06 21:14 ` Andrew Morton
2012-04-06 21:14 ` Andrew Morton
2012-04-09 19:26 ` Will Drewry
2012-04-09 19:26 ` Will Drewry
2012-04-09 19:32 ` Kees Cook
2012-04-09 19:32 ` Kees Cook
2012-04-09 19:33 ` Eric Paris [this message]
2012-04-09 19:33 ` [kernel-hardening] " Eric Paris
2012-04-09 19:39 ` Kees Cook
2012-04-09 19:39 ` Kees Cook
2012-03-29 20:01 ` [PATCH v17 10/15] seccomp: add SECCOMP_RET_ERRNO Will Drewry
2012-03-29 20:01 ` Will Drewry
2012-04-06 21:19 ` Andrew Morton
2012-04-06 21:19 ` Andrew Morton
2012-04-09 19:19 ` Will Drewry
2012-03-29 20:01 ` [PATCH v17 11/15] signal, x86: add SIGSYS info and make it synchronous Will Drewry
2012-03-29 20:01 ` Will Drewry
2012-03-29 20:01 ` [PATCH v17 12/15] seccomp: Add SECCOMP_RET_TRAP Will Drewry
2012-03-29 20:01 ` Will Drewry
2012-03-29 20:01 ` [PATCH v17 13/15] ptrace,seccomp: Add PTRACE_SECCOMP support Will Drewry
2012-03-29 20:01 ` Will Drewry
2012-04-06 21:24 ` Andrew Morton
2012-04-06 21:24 ` Andrew Morton
2012-04-09 19:38 ` Will Drewry
2012-04-09 19:38 ` Will Drewry
2012-03-29 20:01 ` [PATCH v17 14/15] x86: Enable HAVE_ARCH_SECCOMP_FILTER Will Drewry
2012-03-29 20:01 ` Will Drewry
2012-03-29 20:02 ` [PATCH v17 15/15] Documentation: prctl/seccomp_filter Will Drewry
2012-03-29 20:02 ` Will Drewry
2012-04-06 21:26 ` Andrew Morton
2012-04-06 21:26 ` Andrew Morton
2012-04-09 19:46 ` Will Drewry
2012-04-09 19:46 ` Will Drewry
2012-04-09 20:47 ` Markus Gutschke
2012-04-09 20:47 ` Markus Gutschke
2012-04-09 20:58 ` Ryan Ware
2012-04-09 20:58 ` Ryan Ware
2012-04-09 22:47 ` Will Drewry
2012-04-09 22:47 ` Will Drewry
2012-04-10 17:49 ` Ryan Ware
2012-04-10 17:49 ` Ryan Ware
2012-03-29 23:11 ` [PATCH v17 00/15] seccomp_filter: BPF-based syscall filtering James Morris
2012-03-29 23:11 ` James Morris
2012-04-06 21:28 ` Andrew Morton
2012-04-09 3:48 ` James Morris
2012-04-09 3:48 ` James Morris
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1333999988.14260.9.camel@localhost \
--to=eparis@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=arnd@arndb.de \
--cc=corbet@lwn.net \
--cc=coreyb@linux.vnet.ibm.com \
--cc=davem@davemloft.net \
--cc=djm@mindrot.org \
--cc=eric.dumazet@gmail.com \
--cc=hpa@zytor.com \
--cc=indan@nul.nu \
--cc=jmorris@namei.org \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-arch@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=luto@mit.edu \
--cc=markus@chromium.org \
--cc=mcgrathr@chromium.org \
--cc=mingo@redhat.com \
--cc=netdev@vger.kernel.org \
--cc=oleg@redhat.com \
--cc=peterz@infradead.org \
--cc=pmoore@redhat.com \
--cc=rdunlap@xenotime.net \
--cc=scarybeasts@gmail.com \
--cc=serge.hallyn@canonical.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).