linux-audit.redhat.com archive mirror
 help / color / mirror / Atom feed
From: Steve Grubb <sgrubb@redhat.com>
To: linux-audit@redhat.com
Cc: Paul Osmialowski <p.osmialowsk@samsung.com>,
	linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov
Subject: Re: [RFC PATCH v3 3/5] lsm: add support for auditing kdbus service names
Date: Fri, 09 Oct 2015 12:25:55 -0400	[thread overview]
Message-ID: <1800266.KI1jez7jKq@x2> (raw)
In-Reply-To: <5617D5E8.3000305@tycho.nsa.gov>

On Friday, October 09, 2015 10:57:44 AM Stephen Smalley wrote:
> On 10/07/2015 07:08 PM, Paul Moore wrote:
> > The kdbus service names will be recorded using 'service', similar to
> > the existing dbus audit records.
> > 
> > Signed-off-by: Paul Moore <pmoore@redhat.com>
> > 
> > ---
> > ChangeLog:
> > - v3
> > 
> >   * Ported to the 4.3-rc4 based kdbus tree
> > 
> > - v2
> > 
> >   * Initial draft
> > 
> > ---
> > 
> >   include/linux/lsm_audit.h |    2 ++
> >   security/lsm_audit.c      |    4 ++++
> >   2 files changed, 6 insertions(+)
> > 
> > diff --git a/include/linux/lsm_audit.h b/include/linux/lsm_audit.h
> > index ffb9c9d..d6a656f 100644
> > --- a/include/linux/lsm_audit.h
> > +++ b/include/linux/lsm_audit.h
> > @@ -59,6 +59,7 @@ struct common_audit_data {
> > 
> >   #define LSM_AUDIT_DATA_INODE	9
> >   #define LSM_AUDIT_DATA_DENTRY	10
> >   #define LSM_AUDIT_DATA_IOCTL_OP	11
> > 
> > +#define LSM_AUDIT_DATA_KDBUS	12
> > 
> >   	union 	{
> >   	
> >   		struct path path;
> >   		struct dentry *dentry;
> > 
> > @@ -75,6 +76,7 @@ struct common_audit_data {
> > 
> >   #endif
> >   
> >   		char *kmod_name;
> >   		struct lsm_ioctlop_audit *op;
> > 
> > +		const char *kdbus_name;
> > 
> >   	} u;
> >   	/* this union contains LSM specific data */
> >   	union {
> > 
> > diff --git a/security/lsm_audit.c b/security/lsm_audit.c
> > index cccbf30..0a3dc1b 100644
> > --- a/security/lsm_audit.c
> > +++ b/security/lsm_audit.c
> > @@ -397,6 +397,10 @@ static void dump_common_audit_data(struct
> > audit_buffer *ab,> 
> >   		audit_log_format(ab, " kmod=");
> >   		audit_log_untrustedstring(ab, a->u.kmod_name);
> >   		break;
> > 
> > +	case LSM_AUDIT_DATA_KDBUS:
> > +		audit_log_format(ab, " service=");
> 
> Not a major issue to me, but just wondering if this needs to be further
> qualified to indicate it is a kdbus service.  service= is rather generic.

>From the audit perspective, its fine as service. Too many names that mean the 
same thing causes string lookup tables to get big. Service is what dbus is 
currently using. So, it makes sense to re-use the field name. If the selinux 
tooling wants to know an AVC originated from kdbus activity, then maybe 
another name=value should be added.

-Steve
 
> > +		audit_log_untrustedstring(ab, a->u.kdbus_name);
> > +		break;
> > 
> >   	} /* switch (a->type) */
> >   
> >   }
> > 
> > _______________________________________________
> > Selinux mailing list
> > Selinux@tycho.nsa.gov
> > To unsubscribe, send email to Selinux-leave@tycho.nsa.gov.
> > To get help, send an email containing "help" to
> > Selinux-request@tycho.nsa.gov.
> --
> Linux-audit mailing list
> Linux-audit@redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit

  reply	other threads:[~2015-10-09 16:25 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-10-07 23:08 [RFC PATCH v3 0/5] kdbus LSM/SELinux hooks Paul Moore
2015-10-07 23:08 ` [RFC PATCH v3 1/5] kdbus: add creator credentials to the endpoints Paul Moore
2015-10-09 14:31   ` Stephen Smalley
2015-10-09 14:57     ` Paul Moore
2015-10-07 23:08 ` [RFC PATCH v3 2/5] lsm: introduce hooks for kdbus Paul Moore
2015-10-09 14:56   ` Stephen Smalley
2015-10-19 22:29     ` Paul Moore
2015-10-20 20:41       ` Stephen Smalley
2015-10-29 20:38         ` Paul Moore
2015-10-07 23:08 ` [RFC PATCH v3 3/5] lsm: add support for auditing kdbus service names Paul Moore
2015-10-09 14:57   ` Stephen Smalley
2015-10-09 16:25     ` Steve Grubb [this message]
2015-10-09 16:40       ` Stephen Smalley
2015-10-07 23:08 ` [RFC PATCH v3 4/5] selinux: introduce kdbus names into the policy Paul Moore
2015-10-09 16:38   ` Stephen Smalley
2015-10-07 23:08 ` [RFC PATCH v3 5/5] selinux: introduce kdbus access controls Paul Moore
2015-10-08 16:55   ` Paul Moore
2015-10-09 15:05   ` Stephen Smalley
2015-10-09 15:39     ` Paul Moore
2015-10-09 20:17       ` Stephen Smalley
2015-10-09 20:29         ` Paul Moore

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1800266.KI1jez7jKq@x2 \
    --to=sgrubb@redhat.com \
    --cc=linux-audit@redhat.com \
    --cc=linux-security-module@vger.kernel.org \
    --cc=p.osmialowsk@samsung.com \
    --cc=selinux@tycho.nsa.gov \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).