10:40 a.m.
Add Documentation/ABI entries for audit interfaces in /proc/PID/ that have
been stable for more than a decade.
Richard Guy Briggs (2):
audit: document /proc/PID/loginuid
audit: document /proc/PID/sessionid
.../ABI/stable/procfs-audit_loginuid | 27 +++++++++++++++++++
1 file changed, 27 insertions(+)
create mode 100644 Documentation/ABI/stable/procfs-audit_loginuid
--
2.27.0
10:40 a.m.
New subject: [PATCH 1/2] audit: document /proc/PID/loginuid
Describe the /proc/PID/loginuid interface in Documentation/ABI/stable that
was added 2005-02-01 by commit 1e2d1492e178 ("[PATCH] audit: handle
loginuid through proc")
Signed-off-by: Richard Guy Briggs <rgb(a)redhat.com>
---
Documentation/ABI/stable/procfs-audit_loginuid | 15 +++++++++++++++
1 file changed, 15 insertions(+)
create mode 100644 Documentation/ABI/stable/procfs-audit_loginuid
diff --git a/Documentation/ABI/stable/procfs-audit_loginuid
b/Documentation/ABI/stable/procfs-audit_loginuid
new file mode 100664
index 000000000000..fae63bef2970
--- /dev/null
+++ b/Documentation/ABI/stable/procfs-audit_loginuid
@@ -0,0 +1,15 @@
+What: Audit Login UID
+Date: 2005-02-01
+KernelVersion: 2.6.11-rc2 1e2d1492e178 ("[PATCH] audit: handle loginuid through
proc")
+Contact: linux-audit(a)redhat.com
+Format: u32
+Users: auditd, libaudit, audit-testsuite, login
+Description:
+ The /proc/$pid/loginuid pseudofile is written to set and
+ read to get the audit login UID of process $pid. If it is
+ unset, permissions are not needed to set it. The accessor must
+ have CAP_AUDIT_CONTROL in the initial user namespace to write
+ it if it has been set. It cannot be written again if
+ AUDIT_FEATURE_LOGINUID_IMMUTABLE is enabled. It cannot be
+ unset if AUDIT_FEATURE_ONLY_UNSET_LOGINUID is enabled.
+
--
2.27.0
1:15 p.m.
New subject: [PATCH 1/2] audit: document /proc/PID/loginuid
On Thu, Mar 11, 2021 at 11:41 AM Richard Guy Briggs <rgb(a)redhat.com> wrote:
Describe the /proc/PID/loginuid interface in Documentation/ABI/stable
that
was added 2005-02-01 by commit 1e2d1492e178 ("[PATCH] audit: handle
loginuid through proc")
Signed-off-by: Richard Guy Briggs <rgb(a)redhat.com>
---
Documentation/ABI/stable/procfs-audit_loginuid | 15 +++++++++++++++
1 file changed, 15 insertions(+)
create mode 100644 Documentation/ABI/stable/procfs-audit_loginuid
After ~15 years, it might be time ;)
diff --git a/Documentation/ABI/stable/procfs-audit_loginuid
b/Documentation/ABI/stable/procfs-audit_loginuid
new file mode 100664
index 000000000000..fae63bef2970
--- /dev/null
+++ b/Documentation/ABI/stable/procfs-audit_loginuid
@@ -0,0 +1,15 @@
+What: Audit Login UID
+Date: 2005-02-01
+KernelVersion: 2.6.11-rc2 1e2d1492e178 ("[PATCH] audit: handle loginuid through
proc")
+Contact: linux-audit(a)redhat.com
+Format: u32
I haven't applied the patch, but I'm going to assume that the "u32"
lines up correctly with the rest of the entries, right?
+Users: auditd, libaudit, audit-testsuite, login
I think these entries are a bit too specific as I expect the kernel to
outlive most userspace libraries and applications. I would suggest
"audit and login applications" or something similar.
+Description:
+ The /proc/$pid/loginuid pseudofile is written to set and
I'm really in no position to critique someone's English grammar, but
if we're talking about changes I might add a comma after "set", "...
is written to set, and read to get ...".
+ read to get the audit login UID of process $pid. If
it is
+ unset, permissions are not needed to set it. The accessor must
+ have CAP_AUDIT_CONTROL in the initial user namespace to write
+ it if it has been set. It cannot be written again if
+ AUDIT_FEATURE_LOGINUID_IMMUTABLE is enabled. It cannot be
+ unset if AUDIT_FEATURE_ONLY_UNSET_LOGINUID is enabled.
--
paul moore
www.paul-moore.com
10:58 a.m.
New subject: [PATCH 1/2] audit: document /proc/PID/loginuid
On 2021-03-12 14:15, Paul Moore wrote:
On Thu, Mar 11, 2021 at 11:41 AM Richard Guy Briggs
<rgb(a)redhat.com> wrote:
> Describe the /proc/PID/loginuid interface in Documentation/ABI/stable that
> was added 2005-02-01 by commit 1e2d1492e178 ("[PATCH] audit: handle
> loginuid through proc")
>
> Signed-off-by: Richard Guy Briggs <rgb(a)redhat.com>
> ---
> Documentation/ABI/stable/procfs-audit_loginuid | 15 +++++++++++++++
> 1 file changed, 15 insertions(+)
> create mode 100644 Documentation/ABI/stable/procfs-audit_loginuid
After ~15 years, it might be time ;)
> diff --git a/Documentation/ABI/stable/procfs-audit_loginuid
b/Documentation/ABI/stable/procfs-audit_loginuid
> new file mode 100664
> index 000000000000..fae63bef2970
> --- /dev/null
> +++ b/Documentation/ABI/stable/procfs-audit_loginuid
> @@ -0,0 +1,15 @@
> +What: Audit Login UID
> +Date: 2005-02-01
> +KernelVersion: 2.6.11-rc2 1e2d1492e178 ("[PATCH] audit: handle loginuid
through proc")
> +Contact: linux-audit(a)redhat.com
> +Format: u32
I haven't applied the patch, but I'm going to assume that the "u32"
lines up correctly with the rest of the entries, right?
Yes, they do. I'm wondering if they should read instead "%u" since the
internal kernel representation isn't as important as what format (number
base) is expected and presented.
> +Users: auditd, libaudit, audit-testsuite, login
I think these entries are a bit too specific as I expect the kernel to
outlive most userspace libraries and applications. I would suggest
"audit and login applications" or something similar.
In other examples, users range from a description to an email address,
to a URI, to a repository name or address, to a package name, to
specific files. I'd prefer to be as specific as reasonably possible
without going into gory detail.
> +Description:
> + The /proc/$pid/loginuid pseudofile is written to set and
I'm really in no position to critique someone's English grammar, but
if we're talking about changes I might add a comma after "set", "...
is written to set, and read to get ...".
This would be the Oxford comma debate, and has a sronger preference by
USA-ians that Brits. It can help disambiguate meaning in a list of
three or more items.
> + read to get the audit login UID of process $pid.
If it is
> + unset, permissions are not needed to set it. The accessor must
> + have CAP_AUDIT_CONTROL in the initial user namespace to write
> + it if it has been set. It cannot be written again if
> + AUDIT_FEATURE_LOGINUID_IMMUTABLE is enabled. It cannot be
> + unset if AUDIT_FEATURE_ONLY_UNSET_LOGINUID is enabled.
paul moore
- RGB
--
Richard Guy Briggs <rgb(a)redhat.com>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635
10:40 a.m.
New subject: [PATCH 2/2] audit: document /proc/PID/sessionid
Describe the /proc/PID/loginuid interface in Documentation/ABI/stable that
was added 2008-03-13 in commit 1e0bd7550ea9 ("[PATCH] export sessionid
alongside the loginuid in procfs")
Signed-off-by: Richard Guy Briggs <rgb(a)redhat.com>
---
Documentation/ABI/stable/procfs-audit_loginuid | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/Documentation/ABI/stable/procfs-audit_loginuid
b/Documentation/ABI/stable/procfs-audit_loginuid
index fae63bef2970..175ee6ec3695 100644
--- a/Documentation/ABI/stable/procfs-audit_loginuid
+++ b/Documentation/ABI/stable/procfs-audit_loginuid
@@ -13,3 +13,15 @@ Description:
AUDIT_FEATURE_LOGINUID_IMMUTABLE is enabled. It cannot be
unset if AUDIT_FEATURE_ONLY_UNSET_LOGINUID is enabled.
+
+What: Audit Login Session ID
+Date: 2008-03-13
+KernelVersion: 2.6.25-rc7 1e0bd7550ea9 ("[PATCH] export sessionid alongside the
loginuid in procfs")
+Contact: linux-audit(a)redhat.com
+Format: u32
+Users: auditd, libaudit, audit-testsuite, login
+Description:
+ The /proc/$pid/sessionid pseudofile is read to get the
+ audit login session ID of process $pid. It is set
+ automatically, serially assigned with each new login.
+
--
2.27.0
1:17 p.m.
New subject: [PATCH 2/2] audit: document /proc/PID/sessionid
On Thu, Mar 11, 2021 at 11:41 AM Richard Guy Briggs <rgb(a)redhat.com> wrote:
Describe the /proc/PID/loginuid interface in Documentation/ABI/stable that
was added 2008-03-13 in commit 1e0bd7550ea9 ("[PATCH] export sessionid
alongside the loginuid in procfs")
Signed-off-by: Richard Guy Briggs <rgb(a)redhat.com>
---
Documentation/ABI/stable/procfs-audit_loginuid | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/Documentation/ABI/stable/procfs-audit_loginuid
b/Documentation/ABI/stable/procfs-audit_loginuid
index fae63bef2970..175ee6ec3695 100644
--- a/Documentation/ABI/stable/procfs-audit_loginuid
+++ b/Documentation/ABI/stable/procfs-audit_loginuid
@@ -13,3 +13,15 @@ Description:
AUDIT_FEATURE_LOGINUID_IMMUTABLE is enabled. It cannot be
unset if AUDIT_FEATURE_ONLY_UNSET_LOGINUID is enabled.
+
+What: Audit Login Session ID
+Date: 2008-03-13
+KernelVersion: 2.6.25-rc7 1e0bd7550ea9 ("[PATCH] export sessionid alongside the
loginuid in procfs")
+Contact: linux-audit(a)redhat.com
+Format: u32
+Users: auditd, libaudit, audit-testsuite, login
This should be obvious, but just to be safe - my comment from patch
1/2 also applies here.
+Description:
+ The /proc/$pid/sessionid pseudofile is read to get the
+ audit login session ID of process $pid. It is set
+ automatically, serially assigned with each new login.
--
paul moore
www.paul-moore.com
1376
days inactive
1382
days old
linux-audit@lists.linux-audit.osci.io
5 comments
2 participants
participants (2)
-
Paul Moore -
Richard Guy Briggs