From mboxrd@z Thu Jan  1 00:00:00 1970
From: Richard Guy Briggs <rgb@redhat.com>
Subject: Re: Follow up on command line auditing
Date: Mon, 2 Dec 2013 12:18:59 -0500
Message-ID: <20131202171859.GA20495@madcap2.tricolour.ca>
References: <1385998941-15301-1-git-send-email-wroberts@tresys.com>
	<20131202160717.GF20438@madcap2.tricolour.ca>
	<CAFftDdr7RwMV=gwX3B+Q-wC6XfgiC9YB8++h08RWHS+CJvR1dw@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
Content-Disposition: inline
In-Reply-To: <CAFftDdr7RwMV=gwX3B+Q-wC6XfgiC9YB8++h08RWHS+CJvR1dw@mail.gmail.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: William Roberts <bill.c.roberts@gmail.com>
Cc: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

On Mon, Dec 02, 2013 at 08:20:10AM -0800, William Roberts wrote:
> On Mon, Dec 2, 2013 at 8:07 AM, Richard Guy Briggs <rgb@redhat.com> wrote:
> > On Mon, Dec 02, 2013 at 07:42:20AM -0800, William Roberts wrote:
> >> Changelog since last post:
> >> * Rebase on latest master
> >>
> >> [PATCH] audit: Audit proc cmdline value
> >
> > Hi Bill,
> >
> > I wasn't expecting that you would squash everything down into one patch.
> > I think it should be at least two.  I'm comfortable with the changes in
> > the audit subsystem.  Could those be one patch?  As for the changes to
> > proc (including base and util) those might be better as a seperate
> > patch.
> 
> Richard,
> Ok so what do you think the best way forward is? I don't want to duplicate
> code from proc/base.c. I would need to export proc_pid_cmdline()
> in the first patch or re-implement it in the audit subsystem, followed
> by a patch
> to merge the functionality. What would you prefer?

I would split them into 3 patches:

1) implement the length and copy funcitons:
 include/linux/mm.h |    7 +++++
 mm/util.c          |   48 ++++++++++++++++++++++++++++++

2) use them in the proc call:
 fs/proc/base.c     |   35 +++++++---------------

3) use them in audit:
 kernel/audit.h     |    1 +
 kernel/auditsc.c   |   82 ++++++++++++++++++++++++++++++++++++++++++++++++++++


Does this split make sense?  Combining 1 and 2 might be acceptable to
those subsystem maintainers...

> Bill

- RGB

--
Richard Guy Briggs <rbriggs@redhat.com>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545