From mboxrd@z Thu Jan 1 00:00:00 1970 From: Richard Guy Briggs Subject: [PATCH ghak100 V2 0/2] audit: avoid umount hangs on missing mount Date: Wed, 23 Jan 2019 13:34:58 -0500 Message-ID: Return-path: Sender: linux-kernel-owner@vger.kernel.org To: linux-fsdevel@vger.kernel.org, viro@ZenIV.linux.org.uk, LKML , Linux-Audit Mailing List Cc: Paul Moore , Steve Grubb , Eric Paris , Richard Guy Briggs List-Id: linux-audit@redhat.com On user and remote filesystems, a forced umount can still hang due to attemting to fetch the fcaps of a mounted filesystem that is no longer available. These two patches take different approaches to address this, one by avoiding the lookup when the MNT_FORCE flag is included, the other by providing a method to filter out auditing specified types of filesystems. This can happen on ceph, cifs, 9p, lustre, fuse (gluster) or NFS or any other userspace or remote filesystem. Arguably the better way to address this issue is to avoid auditing processes that touch removable filesystems. Please see the github issue tracker https://github.com/linux-audit/audit-kernel/issues/100 Passes audit-testsuite including ghak100 branch. Changelog: v2: - rebase on v5.0-rc1 audit/next - refactor 3 levels of *if* indentation down to 1 incl. orig - rename LOOKUP_NO_REVAL to LOOKUP_NO_EVAL to avoid existing usage conflict - don't depend on MNT_FORCE - rename AUDIT_INODE_NOREVAL to AUDIT_INODE_NOREVAL to be consistent - rename lflags to flags and flags to aflags - document LOOKUP_ flags - signal cap_* values unknown and set cap_* fields to "?" indicating so Richard Guy Briggs (2): audit: more filter PATH records keyed on filesystem magic audit: ignore fcaps on umount fs/namei.c | 2 +- fs/namespace.c | 2 ++ include/linux/audit.h | 15 ++++++++++----- include/linux/namei.h | 3 +++ kernel/audit.c | 10 +++++++++- kernel/audit.h | 2 +- kernel/auditsc.c | 41 ++++++++++++++++++++++++++++++----------- 7 files changed, 56 insertions(+), 19 deletions(-) -- 1.8.3.1