From: Richard Guy Briggs <rgb@redhat.com>
To: linux-audit@redhat.com, linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org
Cc: Richard Guy Briggs <rgb@redhat.com>,
Eric Paris <eparis@redhat.com>, Al Viro <viro@zeniv.linux.org.uk>,
Ingo Molnar <mingo@redhat.com>,
Peter Zijlstra <peterz@infradead.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
John Johansen <john.johansen@canonical.com>,
James Morris <james.l.morris@oracle.com>,
Andrew Morton <akpm@linux-foundation.org>,
Oleg Nesterov <oleg@redhat.com>,
Kentaro Takeda <takedakn@nttdata.co.jp>,
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Jiri Slaby <jslaby@suse.cz>
Subject: [PATCH 00/12] RFC: steps to make audit pid namespace-safe
Date: Tue, 20 Aug 2013 17:31:52 -0400 [thread overview]
Message-ID: <cover.1377032086.git.rgb@redhat.com> (raw)
This patchset is a revival of some of Eric Biederman's work to make audit
pid-namespace-safe.
In a couple of places, audit was printing PIDs in the task's pid namespace
rather than relative to the audit daemon's pid namespace, which currently is
init_pid_ns.
It also allows processes to log audit user messages in their own pid
namespaces, which was not previously permitted. Please see:
https://bugzilla.redhat.com/show_bug.cgi?id=947530
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1160372
https://bugzilla.novell.com/show_bug.cgi?id=786024
Part of the cleanup here involves deprecating task->pid and task->tgid, which
are error-prone duplicates of the task->pids structure
The next step which I hope to add to this patchset will be to purge task->pid
and task->tgid from the rest of the kernel if possible. Once that is done,
task_pid_nr_init_ns() and task_tgid_nr_init_ns() that were introduced in patch
05/12 and used in patches 06/12 and 08/12 could be replaced with task_pid_nr()
and task_tgid_nr(). Eric B. did take a stab at that, but checking all the
subtleties will be non-trivial.
Does anyone have any opinions or better yet hard data on cache line misses
between pid_nr(struct pid*) and pid_nr_ns(struct pid*, &init_pid_ns)? I'd
like to see pid_nr() use pid_nr_ns(struct pid*, &init_pid_ns), or
pid_nr_init_ns() eliminated in favour of the original pid_nr(). pid_nr()
currently accesses the first level of the pid structure without having to
dereference the level number. If there is an actual speed difference, it could
be worth keeping, otherwise, I'd prefer to simplify that code.
Eric also had a patch to add a printk option to format a struct pid pointer
which was PID namespace-aware. I don't see the point, but I'll let him explain
it.
Discuss.
Eric W. Biederman (5):
audit: Kill the unused struct audit_aux_data_capset
audit: Simplify and correct audit_log_capset
Richard Guy Briggs (7):
audit: fix netlink portid naming and types
pid: get ppid pid_t of task in init_pid_ns safely
audit: convert PPIDs to the inital PID namespace.
pid: get pid_t of task in init_pid_ns correctly
audit: store audit_pid as a struct pid pointer
audit: anchor all pid references in the initial pid namespace
pid: modify task_pid_nr to work without task->pid.
pid: modify task_tgid_nr to work without task->tgid.
pid: rewrite task helper functions avoiding task->pid and task->tgid
pid: mark struct task const in helper functions
drivers/tty/tty_audit.c | 3 +-
include/linux/audit.h | 8 ++--
include/linux/pid.h | 6 +++
include/linux/sched.h | 81 ++++++++++++++++++++++++----------
kernel/audit.c | 76 +++++++++++++++++++------------
kernel/audit.h | 12 +++---
kernel/auditfilter.c | 35 +++++++++++----
kernel/auditsc.c | 36 ++++++---------
kernel/capability.c | 2 +-
kernel/pid.c | 4 +-
security/apparmor/audit.c | 7 +--
security/integrity/integrity_audit.c | 2 +-
security/lsm_audit.c | 11 +++--
security/tomoyo/audit.c | 2 +-
14 files changed, 177 insertions(+), 108 deletions(-)
next reply other threads:[~2013-08-20 21:33 UTC|newest]
Thread overview: 107+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-08-20 21:31 Richard Guy Briggs [this message]
2013-08-20 21:31 ` [PATCH 01/12] audit: Kill the unused struct audit_aux_data_capset Richard Guy Briggs
2013-08-20 21:31 ` [PATCH 02/12] audit: fix netlink portid naming and types Richard Guy Briggs
2013-08-20 21:31 ` [PATCH 03/12] pid: get ppid pid_t of task in init_pid_ns safely Richard Guy Briggs
2013-08-27 17:21 ` Oleg Nesterov
2013-08-30 19:56 ` Richard Guy Briggs
2013-08-30 20:37 ` John Johansen
2013-08-30 22:41 ` [PATCH 1/3] apparmor: fix capability to not use the current task, during reporting John Johansen
2013-08-30 22:42 ` [PATCH 2/3] apparmor: remove tsk field from the apparmor_audit_struct John Johansen
2013-08-30 22:43 ` [PATCH 03/3] apparmor: remove parent task info from audit logging John Johansen
2013-09-03 18:31 ` [PATCH 03/12] pid: get ppid pid_t of task in init_pid_ns safely Richard Guy Briggs
2013-12-11 14:47 ` Richard Guy Briggs
2013-12-11 16:44 ` John Johansen
2013-12-11 17:19 ` Richard Guy Briggs
2013-08-20 21:31 ` [PATCH 04/12] audit: convert PPIDs to the inital PID namespace Richard Guy Briggs
2013-08-20 21:31 ` [PATCH 05/12] pid: get pid_t of task in init_pid_ns correctly Richard Guy Briggs
2013-08-20 21:31 ` [PATCH 06/12] audit: Simplify and correct audit_log_capset Richard Guy Briggs
2013-08-20 21:31 ` [PATCH 07/12] audit: store audit_pid as a struct pid pointer Richard Guy Briggs
2013-08-20 21:32 ` [PATCH 08/12] audit: anchor all pid references in the initial pid namespace Richard Guy Briggs
2013-08-20 21:32 ` [PATCH 09/12] pid: modify task_pid_nr to work without task->pid Richard Guy Briggs
2013-12-16 21:03 ` [PATCH] pid: change task_struct::pid to read-only Richard Guy Briggs
2013-12-17 9:58 ` Peter Zijlstra
2013-12-20 4:48 ` Richard Guy Briggs
2013-12-20 8:58 ` Peter Zijlstra
2013-12-20 14:04 ` Richard Guy Briggs
2014-01-23 19:32 ` [PATCH 0/7][RFC] pid: changes to support audit Richard Guy Briggs
2014-01-23 19:32 ` [PATCH 1/7] pid: change task_struct::pid to read-only Richard Guy Briggs
2014-01-23 19:32 ` [PATCH 2/7] compiler: CONST_CAST makes writing const vars easier and obvious Richard Guy Briggs
2014-01-23 19:32 ` [PATCH 3/7] pid: use the CONST_CAST macro instead to write to const task_struct::pid Richard Guy Briggs
2014-01-23 19:32 ` [PATCH 4/7] pid: modify task_tgid_nr to work without task->tgid Richard Guy Briggs
2014-02-20 18:35 ` Oleg Nesterov
2014-02-21 20:47 ` Richard Guy Briggs
2014-02-24 18:40 ` Oleg Nesterov
2014-01-23 19:32 ` [PATCH 5/7] pid: rewrite task helper function is_global_init() avoiding task->pid Richard Guy Briggs
2014-02-20 18:39 ` Oleg Nesterov
2014-02-21 16:10 ` Richard Guy Briggs
2014-01-23 19:32 ` [PATCH 6/7] pid: mark struct task const in helper functions Richard Guy Briggs
2014-01-23 19:32 ` [PATCH 7/7] pid: get pid_t ppid of task in init_pid_ns Richard Guy Briggs
2014-02-20 19:01 ` Oleg Nesterov
2014-02-21 18:10 ` Richard Guy Briggs
2014-02-24 18:32 ` Oleg Nesterov
2014-03-17 20:14 ` Tony Luck
2014-03-17 20:15 ` Eric Paris
2014-01-23 21:25 ` [PATCH 0/7][RFC] pid: changes to support audit Peter Zijlstra
2014-01-24 6:14 ` Richard Guy Briggs
2014-01-24 8:52 ` Peter Zijlstra
2014-01-24 14:31 ` Richard Guy Briggs
2014-02-19 16:18 ` Richard Guy Briggs
2014-02-19 17:47 ` Oleg Nesterov
2014-02-19 18:15 ` Richard Guy Briggs
2014-02-20 19:08 ` Oleg Nesterov
2013-12-17 9:59 ` [PATCH] pid: change task_struct::pid to read-only Peter Zijlstra
2013-12-17 15:36 ` Oleg Nesterov
2013-12-17 15:40 ` Oleg Nesterov
2013-12-20 19:01 ` Oleg Nesterov
2013-12-20 20:19 ` Richard Guy Briggs
2013-12-20 21:33 ` Peter Zijlstra
2013-12-22 16:03 ` Oleg Nesterov
2014-01-23 19:24 ` Richard Guy Briggs
2013-08-20 21:32 ` [PATCH 10/12] pid: modify task_tgid_nr to work without task->tgid Richard Guy Briggs
2013-08-20 21:32 ` [PATCH 11/12] pid: rewrite task helper functions avoiding task->pid and task->tgid Richard Guy Briggs
2013-08-22 19:08 ` Oleg Nesterov
2013-08-26 22:07 ` Richard Guy Briggs
2013-08-27 16:15 ` Oleg Nesterov
2013-12-16 17:35 ` Richard Guy Briggs
2013-12-16 21:05 ` Oleg Nesterov
2013-12-16 22:20 ` Richard Guy Briggs
2013-12-17 9:34 ` Peter Zijlstra
2013-12-17 9:48 ` Peter Zijlstra
2013-12-20 4:54 ` Richard Guy Briggs
2013-08-22 20:05 ` Peter Zijlstra
2013-08-22 21:43 ` Richard Guy Briggs
2013-08-23 6:36 ` Peter Zijlstra
2013-08-27 2:37 ` Richard Guy Briggs
2013-08-27 12:11 ` Peter Zijlstra
2013-08-27 21:35 ` Eric W. Biederman
2013-08-28 8:16 ` Peter Zijlstra
2013-08-23 19:28 ` Oleg Nesterov
2013-08-27 3:04 ` Richard Guy Briggs
2013-08-27 17:11 ` Oleg Nesterov
2013-08-30 19:06 ` audit looks unmaintained? [was: Re: [PATCH 11/12] pid: rewrite task helper functions avoiding task->pid and task->tgid] Richard Guy Briggs
2013-08-30 19:54 ` Steve Grubb
2013-09-08 15:54 ` Oleg Nesterov
2013-09-10 17:20 ` Oleg Nesterov
2013-09-13 18:42 ` Steve Grubb
2013-09-14 18:10 ` Oleg Nesterov
2013-09-13 18:28 ` Steve Grubb
2013-09-14 18:08 ` Oleg Nesterov
2013-08-20 21:32 ` [PATCH 12/12] pid: mark struct task const in helper functions Richard Guy Briggs
2013-12-23 22:27 ` [PATCH 0/5][RFC][v2] steps to make audit pid namespace-safe Richard Guy Briggs
2013-12-23 22:27 ` [PATCH 1/5] pid: get pid_t ppid of task in init_pid_ns Richard Guy Briggs
2013-12-30 17:04 ` Oleg Nesterov
2013-12-23 22:27 ` [PATCH 2/5] audit: convert PPIDs to the inital PID namespace Richard Guy Briggs
2013-12-30 17:07 ` Oleg Nesterov
2013-12-23 22:27 ` [PATCH 3/5] audit: store audit_pid as a struct pid pointer Richard Guy Briggs
2013-12-30 17:51 ` Oleg Nesterov
2014-01-21 23:37 ` Richard Guy Briggs
2013-12-23 22:27 ` [PATCH 4/5] audit: anchor all pid references in the initial pid namespace Richard Guy Briggs
2013-12-30 18:06 ` Oleg Nesterov
2014-02-19 20:28 ` Richard Guy Briggs
2013-12-23 22:27 ` [PATCH 5/5] audit: allow user processes to log from another PID namespace Richard Guy Briggs
2014-02-19 20:57 ` [PATCH 0/5][RFC][v3] steps to make audit pid namespace-safe Richard Guy Briggs
2014-02-19 20:57 ` [PATCH 1/5] pid: get pid_t ppid of task in init_pid_ns Richard Guy Briggs
2014-02-19 20:57 ` [PATCH 2/5] audit: convert PPIDs to the inital PID namespace Richard Guy Briggs
2014-02-19 20:57 ` [PATCH 3/5] audit: store audit_pid as a struct pid pointer Richard Guy Briggs
2014-02-19 20:57 ` [PATCH 4/5] audit: anchor all pid references in the initial pid namespace Richard Guy Briggs
2014-02-19 20:57 ` [PATCH 5/5] audit: allow user processes to log from another PID namespace Richard Guy Briggs
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1377032086.git.rgb@redhat.com \
--to=rgb@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=eparis@redhat.com \
--cc=gregkh@linuxfoundation.org \
--cc=james.l.morris@oracle.com \
--cc=john.johansen@canonical.com \
--cc=jslaby@suse.cz \
--cc=linux-audit@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=oleg@redhat.com \
--cc=penguin-kernel@I-love.SAKURA.ne.jp \
--cc=peterz@infradead.org \
--cc=serge@hallyn.com \
--cc=takedakn@nttdata.co.jp \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).