Re: [PATCH][RFC] audit: log namespace inode numbers
On 14/01/07, Stephan Mueller wrote:
Am Freitag, 20. Dezember 2013, 22:32:29 schrieb Richard Guy Briggs:
Hi Richard,
>Log the namespace details of a task.
>---
>
>Does anyone have comments on this patch?
>
>I'm looking for guidance on which types of messages should have
>namespace information included. I've included too many, I suspect.
>
>I also wonder if displaying these inode numbers in hexadecimal makes
>more sense than decimal, since they are all based around 0xF0000000.
>These are all with reference to the proc filesystem, so a device
>number should not be necessary to qualify them.
I have a general question: why do you sprinkle so many callbacks to
audit_log_namespace_info throughout the code? As namespaces apply only
to the acting entities, i.e. the processes, wouldn't it be sufficient
to only add it to audit_log_task_context? So, everywhere where the
context is needed in the audit trail, we log something about the
credentials of the process.
Yes, your suggestion is much cleaner. This was some of the lingering
doubt I had about where to add it. While reviewing, I found a duplicate
when called from audit_log_pid_context(). I also found a couple of
functions that don't have sufficient logging coverage
(audit_log_feature_change and audit_log_set_loginuid).
Thanks for the helpful review!
Stephan
- RGB
--
Richard Guy Briggs <rbriggs(a)redhat.com>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545