public inbox for [email protected]
 help / color / mirror / Atom feed
From: Paul Moore <[email protected]>
To: Richard Guy Briggs <[email protected]>
Cc: [email protected], [email protected],
	[email protected], [email protected],
	[email protected], [email protected],
	Kumar Kartikeya Dwivedi <[email protected]>,
	Jens Axboe <[email protected]>,
	Pavel Begunkov <[email protected]>
Subject: Re: [RFC PATCH v2 0/9] Add LSM access controls and auditing to io_uring
Date: Mon, 13 Sep 2021 22:49:40 -0400	[thread overview]
Message-ID: <CAHC9VhTUKsijBVV-a3eHajYyOFYLQPWTTqxJ812NnB3_Y=UMeQ@mail.gmail.com> (raw)
In-Reply-To: <CAHC9VhTrimTds_miuyRhhHjoG_Fhmk2vH7G3hKeeFWO3BdLpKw@mail.gmail.com>

On Mon, Sep 13, 2021 at 9:50 PM Paul Moore <[email protected]> wrote:
> On Mon, Sep 13, 2021 at 3:23 PM Paul Moore <[email protected]> wrote:
> > On Thu, Sep 9, 2021 at 8:59 PM Richard Guy Briggs <[email protected]> wrote:
> > > On 2021-09-01 15:21, Paul Moore wrote:
> > > > On Sun, Aug 29, 2021 at 11:18 AM Paul Moore <[email protected]> wrote:
> > > > > On Sat, Aug 28, 2021 at 11:04 AM Richard Guy Briggs <[email protected]> wrote:
> > > > > > I did set a syscall filter for
> > > > > >         -a exit,always -F arch=b64 -S io_uring_enter,io_uring_setup,io_uring_register -F key=iouringsyscall
> > > > > > and that yielded some records with a couple of orphans that surprised me
> > > > > > a bit.
> > > > >
> > > > > Without looking too closely at the log you sent, you can expect URING
> > > > > records without an associated SYSCALL record when the uring op is
> > > > > being processed in the io-wq or sqpoll context.  In the io-wq case the
> > > > > processing is happening after the thread finished the syscall but
> > > > > before the execution context returns to userspace and in the case of
> > > > > sqpoll the processing is handled by a separate kernel thread with no
> > > > > association to a process thread.
> > > >
> > > > I spent some time this morning/afternoon playing with the io_uring
> > > > audit filtering capability and with your audit userspace
> > > > ghau-iouring-filtering.v1.0 branch it appears to work correctly.  Yes,
> > > > the userspace tooling isn't quite 100% yet (e.g. `auditctl -l` doesn't
> > > > map the io_uring ops correctly), but I know you mentioned you have a
> > > > number of fixes/improvements still as a work-in-progress there so I'm
> > > > not too concerned.  The important part is that the kernel pieces look
> > > > to be working correctly.
> > >
> > > Ok, I have squashed and pushed the audit userspace support for iouring:
> > >         https://github.com/rgbriggs/audit-userspace/commit/e8bd8d2ea8adcaa758024cb9b8fa93895ae35eea
> > >         https://github.com/linux-audit/audit-userspace/compare/master...rgbriggs:ghak-iouring-filtering.v2.1
> > > There are test rpms for f35 here:
> > >         http://people.redhat.com/~rbriggs/ghak-iouring/git-e8bd8d2-fc35/
> > >
> > > userspace v2 changelog:
> > > - check for watch before adding perm
> > > - update manpage to include filesystem filter
> > > - update support for the uring filter list: doc, -U op, op names
> > > - add support for the AUDIT_URINGOP record type
> > > - add uringop support to ausearch
> > > - add uringop support to aureport
> > > - lots of bug fixes
> > >
> > > "auditctl -a uring,always -S ..." will now throw an error and require
> > > "-U" instead.
> >
> > Thanks Richard.
> >
> > FYI, I rebased the io_uring/LSM/audit patchset on top of v5.15-rc1
> > today and tested both with your v1.0 and with your v2.1 branch and the
> > various combinations seemed to work just fine (of course the v2.1
> > userspace branch was more polished, less warts, etc.).  I'm going to
> > go over the patch set one more time to make sure everything is still
> > looking good, write up an updated cover letter, and post a v3 revision
> > later tonight with the hope of merging it into -next later this week.
>
> Best laid plans of mice and men ...
>
> It turns out the LSM hook macros are full of warnings-now-errors that
> should likely be resolved before sending anything LSM related to
> Linus.  I'll post v3 once I fix this, which may not be until tomorrow.
>
> (To be clear, the warnings/errors aren't new to this patchset, I'm
> likely just the first person to notice them.)

Actually, scratch that ... I'm thinking that might just be an oddity
of the Intel 0day test robot building for the xtensa arch.  I'll post
the v3 patchset tonight.

-- 
paul moore
www.paul-moore.com

  reply	other threads:[~2021-09-14  2:49 UTC|newest]

Thread overview: 35+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-08-11 20:48 [RFC PATCH v2 0/9] Add LSM access controls and auditing to io_uring Paul Moore
2021-08-11 20:48 ` [RFC PATCH v2 1/9] audit: prepare audit_context for use in calling contexts beyond syscalls Paul Moore
2021-08-11 20:48 ` [RFC PATCH v2 2/9] audit,io_uring,io-wq: add some basic audit support to io_uring Paul Moore
2021-08-11 20:48 ` [RFC PATCH v2 3/9] audit: dev/test patch to force io_uring auditing Paul Moore
2021-08-11 20:48 ` [RFC PATCH v2 4/9] audit: add filtering for io_uring records Paul Moore
2021-08-11 20:48 ` [RFC PATCH v2 5/9] fs: add anon_inode_getfile_secure() similar to anon_inode_getfd_secure() Paul Moore
2021-08-12  9:32   ` Mickaël Salaün
2021-08-12 14:32     ` Paul Moore
2021-08-12 15:35       ` Mickaël Salaün
2021-08-11 20:48 ` [RFC PATCH v2 6/9] io_uring: convert io_uring to the secure anon inode interface Paul Moore
2021-08-11 20:48 ` [RFC PATCH v2 7/9] lsm,io_uring: add LSM hooks to io_uring Paul Moore
2021-08-11 20:49 ` [RFC PATCH v2 8/9] selinux: add support for the io_uring access controls Paul Moore
2021-08-11 20:49 ` [RFC PATCH v2 9/9] Smack: Brutalist io_uring support with debug Paul Moore
2021-08-31 14:44   ` Paul Moore
2021-08-31 15:03     ` Casey Schaufler
2021-08-31 16:43       ` Paul Moore
2021-08-24 20:57 ` [RFC PATCH v2 0/9] Add LSM access controls and auditing to io_uring Richard Guy Briggs
2021-08-24 22:27   ` Paul Moore
2021-08-25  1:36     ` Richard Guy Briggs
2021-08-26  1:16   ` Richard Guy Briggs
2021-08-26  1:34     ` Paul Moore
2021-08-26 16:32       ` Richard Guy Briggs
2021-08-26 19:14         ` Paul Moore
2021-08-27 13:35           ` Richard Guy Briggs
2021-08-27 19:49             ` Paul Moore
2021-08-28 15:03               ` Richard Guy Briggs
2021-08-29 15:18                 ` Paul Moore
2021-09-01 19:21                   ` Paul Moore
2021-09-10  0:58                     ` Richard Guy Briggs
2021-09-13 19:23                       ` Paul Moore
2021-09-14  1:50                         ` Paul Moore
2021-09-14  2:49                           ` Paul Moore [this message]
2021-09-15 12:29                             ` Richard Guy Briggs
2021-09-15 13:02                               ` Steve Grubb
2021-09-15 14:12                               ` Paul Moore

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAHC9VhTUKsijBVV-a3eHajYyOFYLQPWTTqxJ812NnB3_Y=UMeQ@mail.gmail.com' \
    [email protected] \
    [email protected] \
    [email protected] \
    [email protected] \
    [email protected] \
    [email protected] \
    [email protected] \
    [email protected] \
    [email protected] \
    [email protected] \
    [email protected] \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox