From: Casey Schaufler
To: Paul Moore
Cc: john.johansen@canonical.com, selinux@vger.kernel.org, jmorris@namei.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, linux-audit@redhat.com, casey.schaufler@intel.com, sds@tycho.nsa.gov
Subject: Re: [PATCH v32 26/28] Audit: Add record for multiple object security contexts
Date: Thu, 3 Mar 2022 17:26:54 -0800
Message-ID: <0dad94cc-2f4a-536a-94a9-c74e99c2f4ef@schaufler-ca.com>
References: <20220202235323.23929-1-casey@schaufler-ca.com> <20220202235323.23929-27-casey@schaufler-ca.com>
List-Id: Linux Audit Discussion

On 3/3/2022 3:36 PM, Paul Moore wrote:
> On Wed, Feb 2, 2022 at 7:23 PM Casey Schaufler wrote:
>> Create a new audit record AUDIT_MAC_OBJ_CONTEXTS.
>> An example of the MAC_OBJ_CONTEXTS (1421) record is:
>>
>> type=MAC_OBJ_CONTEXTS[1421]
>> msg=audit(1601152467.009:1050):
>> obj_selinux=unconfined_u:object_r:user_home_t:s0
>>
>> When an audit event includes an AUDIT_MAC_OBJ_CONTEXTS record
>> the "obj=" field in other records in the event will be "obj=?".
>> An AUDIT_MAC_OBJ_CONTEXTS record is supplied when the system has
>> multiple security modules that may make access decisions based
>> on an object security context.
>>
>> Signed-off-by: Casey Schaufler
>> ---
>>  include/linux/audit.h      |  5 ++++
>>  include/uapi/linux/audit.h |  1 +
>>  kernel/audit.c             | 59 ++++++++++++++++++++++++++++++++++++++
>>  kernel/auditsc.c           | 37 ++++--------------------
>>  4 files changed, 70 insertions(+), 32 deletions(-)
> ...
>
>> diff --git a/kernel/audit.c b/kernel/audit.c
>> index e8744e80ef21..3b9ce617b150 100644
>> --- a/kernel/audit.c
>> +++ b/kernel/audit.c
>> @@ -2199,6 +2200,43 @@ int audit_log_task_context(struct audit_buffer *ab) >> } >> EXPORT_SYMBOL(audit_log_task_context); >> >> +void audit_log_object_context(struct audit_buffer *ab, struct lsmblob *blob) >> +{ >> + struct audit_context_entry *ace; >> + struct lsmcontext context; >> + int error; >> + >> + if (!lsm_multiple_contexts()) { >> + error = security_secid_to_secctx(blob, &context, LSMBLOB_FIRST); >> + if (error) { >> + if (error != -EINVAL) >> + goto error_path; >> + return; >> + } >> + audit_log_format(ab, " obj=%s", context.context); >> + security_release_secctx(&context); >> + } else { >> + /* >> + * If there is more than one security module that has a >> + * object "context" it's necessary to put the object data >> + * into a separate record to maintain compatibility. >> + */ > I know this is nitpicky, but I'm going to say it anyway ... the > separate record isn't purely for compatibility reasons, it's for size > reasons. There is a fear that multiple LSM labels could blow past the > record size limit when combined with other fields, so putting them in > their own dedicated record gives us more room. If that wasn't the > case we could just tack them on the end of existing records. Fair enough. I have no objection to adding commentary that will help the next developer who comes into this code. > > However, converting the existing "obj=" field into "obj=?" when > multiple LSM labels are present *is* a compatibility nod as it allows > existing userspace tooling that expects a single "obj=" field to > continue to work. Likewise here. 
> >> + audit_log_format(ab, " obj=?"); >> + ace = kzalloc(sizeof(*ace), ab->gfp_mask); >> + if (!ace) >> + goto error_path; >> + INIT_LIST_HEAD(&ace->list); >> + ace->type = AUDIT_MAC_OBJ_CONTEXTS; >> + ace->lsm_objs = *blob; >> + list_add(&ace->list, &ab->aux_records); >> + } >> + return; >> + >> +error_path: >> + audit_panic("error in audit_log_object_context"); >> +} >> +EXPORT_SYMBOL(audit_log_object_context); >> + -- Linux-audit mailing list Linux-audit@redhat.com https://listman.redhat.com/mailman/listinfo/linux-audit
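Review bot: in the single-module branch of audit_log_object_context(), an -EINVAL return from security_secid_to_secctx() makes the function return with no "obj=" field logged at all, while every other error goes to error_path and audit_panic(); a one-line comment above `if (error != -EINVAL)` saying why -EINVAL is benign (no context available for this secid rather than a failure) would keep the next reader from taking it for a swallowed error. Two smaller points in the multiple-module branch: `INIT_LIST_HEAD(&ace->list);` is redundant directly before `list_add(&ace->list, &ab->aux_records);`, which overwrites both list pointers, and list_add() prepends, so if more than one auxiliary record is queued on the same buffer they come out in reverse order of queuing; list_add_tail() would preserve insertion order if that matters to whoever drains ab->aux_records.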
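The record layout described in the quoted commit message, seen from the consuming side: ordinary records in a multi-LSM event carry `obj=?` and the per-module labels live in a separate MAC_OBJ_CONTEXTS record (type 1421) with the same `msg=audit(time:serial)` id, so a log consumer has to join the two. This is an added example, not code from the patch series or from the audit userspace tools; the log lines are constructed, and the `obj_smack` label and the `UNKNOWN[1421]` spelling auditd uses for a record type it does not recognise are assumptions.

```python
import re
from collections import defaultdict

AUDIT_MAC_OBJ_CONTEXTS = 1421  # record number given in the patch description

# Constructed sample: event :1050 is from a host with several LSMs, so its PATH
# record carries obj=? and the labels sit in a MAC_OBJ_CONTEXTS record (spelled
# UNKNOWN[1421] by a userspace that does not know the type yet, an assumption);
# event :1051 is the single-LSM form with the label inline. Labels are made up.
SAMPLE_LOG = """\
type=PATH msg=audit(1601152467.009:1050): item=0 name="/home/user/notes.txt" obj=? nametype=NORMAL
type=UNKNOWN[1421] msg=audit(1601152467.009:1050): obj_selinux=unconfined_u:object_r:user_home_t:s0 obj_smack=System
type=PATH msg=audit(1601152467.009:1051): item=0 name="/etc/passwd" obj=system_u:object_r:passwd_file_t:s0 nametype=NORMAL
"""

_RECORD_RE = re.compile(r"^type=(?P<name>[A-Z_]+)(?:\[(?P<num>\d+)\])?"
                        r"\s+msg=audit\((?P<event>\d+\.\d+:\d+)\):\s*(?P<body>.*)$")
_FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_record(line):
    """Split one raw audit line into (record type, event id, {field: value})."""
    m = _RECORD_RE.match(line.strip())
    if not m:
        return None
    rtype = m.group("name")
    if m.group("num") and int(m.group("num")) == AUDIT_MAC_OBJ_CONTEXTS:
        rtype = "MAC_OBJ_CONTEXTS"  # resolve UNKNOWN[1421] by its number
    fields = {k: v.strip('"') for k, v in _FIELD_RE.findall(m.group("body"))}
    return rtype, m.group("event"), fields


def resolve_object_contexts(lines):
    """Group records by event id and turn each obj= field into {lsm: context}.
    obj=? is filled from the event's MAC_OBJ_CONTEXTS record; an inline label is
    kept under "default" since the kernel does not say which module wrote it.
    An obj=? record whose MAC_OBJ_CONTEXTS record is missing (lost) gets {}."""
    events, obj_contexts = defaultdict(list), {}
    for rtype, event, fields in filter(None, map(parse_record, lines)):
        if rtype == "MAC_OBJ_CONTEXTS":
            obj_contexts[event] = {k[4:]: v for k, v in fields.items() if k.startswith("obj_")}
        else:
            events[event].append((rtype, fields))
    for event, records in events.items():
        for _, fields in records:
            if fields.get("obj") == "?":
                fields["obj"] = obj_contexts.get(event, {})
            elif "obj" in fields:
                fields["obj"] = {"default": fields["obj"]}
    return dict(events)
```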