[PATCH][RFC] audit: log namespace inode numbers

Richard Guy Briggs rgb at redhat.com
Tue Jan 7 17:43:59 UTC 2014


On 14/01/07, Stephan Mueller wrote:
> On Friday, 20 December 2013, 22:32:29, Richard Guy Briggs wrote:
> 
> Hi Richard,
> 
> >Log the namespace details of a task.
> >---
> >
> >Does anyone have comments on this patch?
> >
> >I'm looking for guidance on which types of messages should have
> >namespace information included.  I've included too many, I suspect.
> >
> >I also wonder if displaying these inode numbers in hexadecimal makes
> >more sense than decimal, since they are all based around 0xF0000000. 
> >These are all with reference to the proc filesystem, so a device
> >number should not be necessary to qualify them.
> 
> I have a general question: why do you sprinkle so many callbacks to
> audit_log_namespace_info throughout the code? As namespaces apply only
> to the acting entities, i.e. the processes, wouldn't it be sufficient
> to only add it to audit_log_task_context? So, everywhere where the
> context is needed in the audit trail, we log something about the
> credentials of the process.

Yes, your suggestion is much cleaner.  This was some of the lingering
doubt I had about where to add it.  While reviewing, I found a duplicate
when called from audit_log_pid_context().  I also found a couple of
functions that don't have sufficient logging coverage
(audit_log_feature_change and audit_log_set_loginuid).

Thanks for the helpful review!

> Stephan

- RGB

--
Richard Guy Briggs <rbriggs at redhat.com>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
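
The decimal-versus-hexadecimal question raised in the thread can be checked against a running system. This is an added example, not code from the patch or from either author: it assumes the `type:[inode]` text that the `/proc/<pid>/ns/*` symlinks resolve to, and `parse_ns_link` is a hypothetical helper name.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Parse a /proc/<pid>/ns/<type> link target such as "net:[4026531956]".
 * Returns 0 and fills type/inum on success, -1 on malformed input. */
int parse_ns_link(const char *target, char *type, size_t tlen,
                  unsigned long long *inum)
{
    const char *colon = strchr(target, ':');
    char *end;
    size_t n;

    if (!colon || colon == target || colon[1] != '[')
        return -1;
    n = (size_t)(colon - target);
    if (n >= tlen || colon[2] < '0' || colon[2] > '9')
        return -1;                  /* type too long, or sign/space/empty */
    errno = 0;
    *inum = strtoull(colon + 2, &end, 10);
    if (errno || end[0] != ']' || end[1] != '\0' || *inum > 0xFFFFFFFFULL)
        return -1;                  /* proc inode numbers are 32-bit */
    memcpy(type, target, n);
    type[n] = '\0';
    return 0;
}

/* Print the current task's namespace inode numbers in both radixes. */
int main(void)
{
    static const char *names[] = { "mnt", "uts", "ipc", "pid", "net", "user" };
    char path[64], target[64], type[16];
    unsigned long long inum;

    for (size_t i = 0; i < sizeof(names) / sizeof(names[0]); i++) {
        snprintf(path, sizeof(path), "/proc/self/ns/%s", names[i]);
        ssize_t len = readlink(path, target, sizeof(target) - 1);
        if (len < 0)
            continue;               /* this namespace type is not exposed */
        target[len] = '\0';
        if (parse_ns_link(target, type, sizeof(type), &inum) == 0)
            printf("%-4s dec=%llu hex=0x%llx\n", type, inum, inum);
    }
    return 0;
}
```

The parser takes no device number because it only reads procfs link targets, which is the same reasoning the patch description gives for omitting one.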