From mboxrd@z Thu Jan  1 00:00:00 1970
From: Richard Guy Briggs <rgb@redhat.com>
Subject: Re: Follow up on command line auditing
Date: Mon, 2 Dec 2013 13:19:37 -0500
Message-ID: <20131202181937.GG20438@madcap2.tricolour.ca>
References: <1385998941-15301-1-git-send-email-wroberts@tresys.com>
	<20131202160717.GF20438@madcap2.tricolour.ca>
	<CAFftDdr7RwMV=gwX3B+Q-wC6XfgiC9YB8++h08RWHS+CJvR1dw@mail.gmail.com>
	<20131202171859.GA20495@madcap2.tricolour.ca>
	<CAFftDdrba4va83GHaEt2nhjPTg=_5BhpNePqoU7=LX0B4zUK9w@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
Content-Disposition: inline
In-Reply-To: <CAFftDdrba4va83GHaEt2nhjPTg=_5BhpNePqoU7=LX0B4zUK9w@mail.gmail.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: William Roberts <bill.c.roberts@gmail.com>
Cc: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

On Mon, Dec 02, 2013 at 10:10:27AM -0800, William Roberts wrote:
> On Mon, Dec 2, 2013 at 9:18 AM, Richard Guy Briggs <rgb@redhat.com> wrote:
> > On Mon, Dec 02, 2013 at 08:20:10AM -0800, William Roberts wrote:
> >> On Mon, Dec 2, 2013 at 8:07 AM, Richard Guy Briggs <rgb@redhat.com> wrote:
> >> > On Mon, Dec 02, 2013 at 07:42:20AM -0800, William Roberts wrote:
> >> >> Changelog since last post:
> >> >> * Rebase on latest master
> >> >>
> >> >> [PATCH] audit: Audit proc cmdline value
> >> >
> >> > Hi Bill,
> >> >
> >> > I wasn't expecting that you would squash everything down into one patch.
> >> > I think it should be at least two.  I'm comfortable with the changes in
> >> > the audit subsystem.  Could those be one patch?  As for the changes to
> >> > proc (including base and util) those might be better as a seperate
> >> > patch.
> >>
> >> Richard,
> >> Ok so what do you think the best way forward is? I don't want to duplicate
> >> code from proc/base.c. I would need to export proc_pid_cmdline()
> >> in the first patch or re-implement it in the audit subsystem, followed
> >> by a patch
> >> to merge the functionality. What would you prefer?
> >
> > I would split them into 3 patches:
> >
> > 1) implement the length and copy funcitons:
> >  include/linux/mm.h |    7 +++++
> >  mm/util.c          |   48 ++++++++++++++++++++++++++++++
> >
> > 2) use them in the proc call:
> >  fs/proc/base.c     |   35 +++++++---------------
> >
> > 3) use them in audit:
> >  kernel/audit.h     |    1 +
> >  kernel/auditsc.c   |   82 ++++++++++++++++++++++++++++++++++++++++++++++++++++
> >
> > Does this split make sense?  Combining 1 and 2 might be acceptable to
> > those subsystem maintainers...
> 
> You read my mind here after I sent this, this is exactly what I was thinking.
> 
> When I am done do I publish this to kernel mainline, here, or elsewhere?

Both here and lkml would make sense.  Find the respective maintainers
using scripts/get_maintainer.pl and Cc: them.

> Bill

- RGB

--
Richard Guy Briggs <rbriggs@redhat.com>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545