From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933463AbcDLV0q (ORCPT); Tue, 12 Apr 2016 17:26:46 -0400
Received: from h2.hallyn.com ([78.46.35.8]:33474 "EHLO h2.hallyn.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933798AbcDLV0o (ORCPT); Tue, 12 Apr 2016 17:26:44 -0400
Date: Tue, 12 Apr 2016 16:26:42 -0500
From: "Serge E. Hallyn"
To: Kees Cook
Cc: James Morris, Joe Perches, Mimi Zohar, Andy Shevchenko, Andrew Morton, "Serge E. Hallyn", Jonathan Corbet, Kalle Valo, Mauro Carvalho Chehab, Guenter Roeck, Jiri Slaby, Paul Moore, Stephen Smalley, Casey Schaufler, Andreas Gruenbacher, Rasmus Villemoes, Ulf Hansson, Vitaly Kuznetsov, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org
Subject: Re: [PATCH v4 4/6] Yama: consolidate error reporting
Message-ID: <20160412212642.GD12324@mail.hallyn.com>
References: <1460480085-32263-1-git-send-email-keescook@chromium.org> <1460480085-32263-5-git-send-email-keescook@chromium.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1460480085-32263-5-git-send-email-keescook@chromium.org>
User-Agent: Mutt/1.5.21 (2010-09-15)
Sender: linux-kernel-owner@vger.kernel.org
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

Quoting Kees Cook (keescook@chromium.org):
> Use a common error reporting function for Yama violation reports, and give
> more detail into the process command lines.
>
> Signed-off-by: Kees Cook

Acked-by: Serge Hallyn

> ---
>  security/yama/yama_lsm.c | 31 +++++++++++++++++++++----------
>  1 file changed, 21 insertions(+), 10 deletions(-)
>
> diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c
> index cb6ed10816d4..c19f6e5df9a3 100644
> --- a/security/yama/yama_lsm.c
> +++ b/security/yama/yama_lsm.c
> @@ -18,6 +18,7 @@ > #include > #include > #include > +#include > > #define YAMA_SCOPE_DISABLED 0 > #define YAMA_SCOPE_RELATIONAL 1 > @@ -41,6 +42,22 @@ static DEFINE_SPINLOCK(ptracer_relations_lock); > static void yama_relation_cleanup(struct work_struct *work); > static DECLARE_WORK(yama_relation_work, yama_relation_cleanup); > > +static void report_access(const char *access, struct task_struct *target, > + struct task_struct *agent) > +{ > + char *target_cmd, *agent_cmd; > + > + target_cmd = kstrdup_quotable_cmdline(target, GFP_KERNEL); > + agent_cmd = kstrdup_quotable_cmdline(agent, GFP_KERNEL); > + > + pr_notice_ratelimited( > + "ptrace %s of \"%s\"[%d] was attempted by \"%s\"[%d]\n", > + access, target_cmd, target->pid, agent_cmd, agent->pid); > + > + kfree(agent_cmd); > + kfree(target_cmd); > +} > + > /** > * yama_relation_cleanup - remove invalid entries from the relation list > * > @@ -307,11 +324,8 @@ static int yama_ptrace_access_check(struct task_struct *child, > } > } > > - if (rc && (mode & PTRACE_MODE_NOAUDIT) == 0) { > - printk_ratelimited(KERN_NOTICE > - "ptrace of pid %d was attempted by: %s (pid %d)\n", > - child->pid, current->comm, current->pid); > - } > + if (rc && (mode & PTRACE_MODE_NOAUDIT) == 0) > + report_access("attach", child, current); > > return rc; > } > @@ -337,11 +351,8 @@ int yama_ptrace_traceme(struct task_struct *parent) > break; > } > > - if (rc) { > - printk_ratelimited(KERN_NOTICE > - "ptraceme of pid %d was attempted by: %s (pid %d)\n", > - current->pid, parent->comm, parent->pid); > - } > + if (rc) > + report_access("traceme", current, parent); > > return rc; > } > -- > 2.6.3
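Review bot: report_access() in the second hunk allocates with GFP_KERNEL and kstrdup_quotable_cmdline() has to read the target's command line out of its address space (mmap_sem), so both can sleep, yet as far as I can see the two callers below are reached by ptrace with spinlocks held: ptrace_attach() calls __ptrace_may_access() under task_lock(task), and ptrace_traceme() calls security_ptrace_traceme() under write_lock_irq(&tasklist_lock). Switching to GFP_ATOMIC would only fix the allocation, not the remote cmdline read; either fall back to target->comm / agent->comm here, or defer the string building (for example via task_work) so it runs after the lock is dropped. Two smaller points in the same function: the ratelimit in pr_notice_ratelimited() only gates the printk, so an unprivileged process retrying denied attaches still pays two allocations plus two remote reads per attempt even when nothing is printed, and kstrdup_quotable_cmdline() can return NULL on allocation failure, which %s prints as "(null)"; harmless, but a fallback to ->comm in that case would keep the report useful.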
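Review bot: the hunk in yama_ptrace_access_check() changes the logged text from `ptrace of pid %d was attempted by: %s (pid %d)` to the `ptrace %s of "%s"[%d] was attempted by "%s"[%d]` form, and anything that matches on the old string (log parsers, alerting rules keyed on that message) will silently stop seeing these events; the commit message should call out the new format and show one example line so downstream consumers can adjust. The existing `if (rc && (mode & PTRACE_MODE_NOAUDIT) == 0)` guard is kept, so the NOAUDIT callers are still silent.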
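Review bot: in the last hunk, report_access("traceme", current, parent) produces `ptrace traceme of "<current>"[pid] was attempted by "<parent>"[pid]`, but for PTRACE_TRACEME it is current that asked to be traced and parent is only the prospective tracer, so "attempted by" names the wrong party (the removed `ptraceme of pid %d was attempted by:` text had the same shape, so this is inherited rather than new). Since the format string is now shared, consider giving report_access() a way to word this case as "requested to be traced by", or otherwise make clear in the message which side initiated the request.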