From: John Johansen <john.johansen@canonical.com>
To: Eric Paris <eparis@parisplace.org>
Cc: linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org
Subject: Re: [PATCH 02/12] AppArmor: basic auditing infrastructure.
Date: Tue, 10 Nov 2009 10:38:27 -0800
Message-ID: <4AF9B323.8050401@canonical.com>
In-Reply-To: <7e0fb38c0911090737i35173bbla07dcf539cd5791c@mail.gmail.com>
Eric Paris wrote:
> On Tue, Nov 3, 2009 at 6:48 PM, John Johansen
> <john.johansen@canonical.com> wrote:
>> Update kernel audit range comments to show AppArmor's registered range of
>> 1500-1599. This range used to be reserved for LSPP but LSPP uses the
>> SELinux range and the range was given to AppArmor.
>> Patch is not in mainline -- pending AppArmor code submission to lkml
>>
>> Add the core routine for AppArmor auditing.
>>
>> Signed-off-by: John Johansen <john.johansen@canonical.com>
>
> As the audit maintainer I NAK. I NAK any patch that calls
> audit_log_format() with %s. Use an audit_log_string() function unless
> you can prove to me it meets all of the audit string handling rules
> (and you know them). That part isn't too hard to fix but....
>
> I'd like to register an objection to this patch as a whole. I know
> it's a pain and it's probably going to take a little reshaping of your
> userspace tools that ran against your out of tree patches, but we get
> a lot of work for free if you would make use of the lsm_audit.{c,h}
> file instead of redoing everything. Extend it as you need to the same
> way that SMACK and SELinux did. Personally I think it needs a generic
> lsm=%s (SMACK does it in smack_log_callback, SELinux doesn't do it but
> could/should)
>
> I don't think we want to use more AUDIT messages for the same thing
> even if someone in userspace said you could a long time ago.
>
> LSM unification and code sharing is a good thing, even if the LSMs
> can't agree on much else :)
>
>
Yes, that will be a pain, but if that is what is needed then we will have
to live with it. However there is a caveat that I need to look into yet:
all AppArmor logging will necessarily go through the audit subsystem.
We are planning our own dedicated netlink interface and dumping high volume
complain (learning) mode messages to it if an external application is
registered. I'm pretty sure we can make it work but I just haven't looked
at it enough yet.
thanks
john
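The string-handling rule Eric refers to is the reason audit records are not built by pasting untrusted bytes in with %s: a value such as a filename can contain spaces, quotes or control bytes that a key=value parser of the audit log will misread as additional fields. The following userspace program is an added illustration written for this thread, not code from the AppArmor patch set or from kernel/audit.c. It re-implements, as an assumption about the kernel helpers of the same names, the two-way rule used by audit_log_untrusted_string(): a value made only of printable ASCII without spaces or double quotes is emitted quoted, anything else is hex-encoded. The record prefix `type=APPARMOR`, the sample filename and the field counter are constructed for the demonstration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed mirror of the kernel rule: a byte outside 0x21..0x7e (so any
 * space or control byte) or a double quote makes the string "untrusted". */
static bool audit_string_contains_control(const char *s, size_t len)
{
	for (size_t i = 0; i < len; i++) {
		unsigned char c = (unsigned char)s[i];
		if (c == '"' || c < 0x21 || c > 0x7e)
			return true;
	}
	return false;
}

/* Render one value the way audit_log_untrusted_string() is assumed to:
 * quoted when clean, uppercase hex otherwise. Caller frees the result. */
static char *audit_untrusted_value(const char *s, size_t len)
{
	static const char hex[] = "0123456789ABCDEF";
	char *out;

	if (!audit_string_contains_control(s, len)) {
		out = malloc(len + 3);
		if (!out)
			return NULL;
		out[0] = '"';
		memcpy(out + 1, s, len);
		out[len + 1] = '"';
		out[len + 2] = '\0';
		return out;
	}
	out = malloc(2 * len + 1);
	if (!out)
		return NULL;
	for (size_t i = 0; i < len; i++) {
		unsigned char c = (unsigned char)s[i];
		out[2 * i] = hex[c >> 4];
		out[2 * i + 1] = hex[c & 0x0f];
	}
	out[2 * len] = '\0';
	return out;
}

/* The pattern the review rejects: the raw value goes in through %s. */
static int format_naive(char *buf, size_t cap, const char *key, const char *val)
{
	return snprintf(buf, cap, "type=APPARMOR %s=%s", key, val);
}

/* The accepted pattern: the value passes through the untrusted-string rule. */
static int format_safe(char *buf, size_t cap, const char *key, const char *val)
{
	char *v = audit_untrusted_value(val, strlen(val));
	int n;

	if (!v)
		return -1;
	n = snprintf(buf, cap, "type=APPARMOR %s=%s", key, v);
	free(v);
	return n;
}

/* Count space-separated tokens, which is how a simple key=value parser
 * of audit records splits a line into fields. */
static int count_fields(const char *rec)
{
	int n = 0;
	bool in_field = false;

	for (; *rec; rec++) {
		if (*rec == ' ')
			in_field = false;
		else if (!in_field) {
			in_field = true;
			n++;
		}
	}
	return n;
}

int main(void)
{
	/* Constructed sample: a filename that contains a space followed by
	 * text shaped like another audit field. */
	const char *name = "/tmp/x pid=1";
	char rec[256];

	format_naive(rec, sizeof rec, "name", name);
	printf("naive: %s  (%d fields)\n", rec, count_fields(rec));
	format_safe(rec, sizeof rec, "name", name);
	printf("safe:  %s  (%d fields)\n", rec, count_fields(rec));
	return 0;
}
```

With the raw %s the record splits into three fields, and a consumer such as ausearch would see a `pid` the kernel never wrote; with the untrusted-string rule the whole filename is one hex field that the consumer decodes as a unit. This is the property a caller of audit_log_format() with %s would have to prove about every argument, which is why audit_log_string() and audit_log_untrusted_string() exist.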