|
Message-ID: <1333999988.14260.9.camel@localhost> Date: Mon, 09 Apr 2012 15:33:08 -0400 From: Eric Paris <eparis@...hat.com> To: kernel-hardening@...ts.openwall.com Cc: Andrew Morton <akpm@...ux-foundation.org>, Kees Cook <keescook@...omium.org>, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, linux-arch@...r.kernel.org, linux-doc@...r.kernel.org, netdev@...r.kernel.org, x86@...nel.org, arnd@...db.de, davem@...emloft.net, hpa@...or.com, mingo@...hat.com, oleg@...hat.com, peterz@...radead.org, rdunlap@...otime.net, mcgrathr@...omium.org, tglx@...utronix.de, luto@....edu, serge.hallyn@...onical.com, djm@...drot.org, scarybeasts@...il.com, indan@....nu, pmoore@...hat.com, corbet@....net, eric.dumazet@...il.com, markus@...omium.org, coreyb@...ux.vnet.ibm.com, jmorris@...ei.org Subject: Re: Re: [PATCH v17 09/15] seccomp: remove duplicated failure logging On Mon, 2012-04-09 at 14:26 -0500, Will Drewry wrote: > On Fri, Apr 6, 2012 at 4:14 PM, Andrew Morton <akpm@...ux-foundation.org> wrote: > > On Thu, 29 Mar 2012 15:01:54 -0500 > > Will Drewry <wad@...omium.org> wrote: > >> -void __audit_seccomp(unsigned long syscall) > >> +void __audit_seccomp(unsigned long syscall, long signr, int code) > >> { > >> struct audit_buffer *ab; > >> > >> ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_ANOM_ABEND); > >> - audit_log_abend(ab, "seccomp", SIGKILL); > >> + audit_log_abend(ab, "seccomp", signr); > >> audit_log_format(ab, " syscall=%ld", syscall); > >> +#ifdef CONFIG_COMPAT > >> + audit_log_format(ab, " compat=%d", is_compat_task()); > >> +#endif > > > > We don't need the ifdef for compilation reasons now. > > > > The question is: should we emit the compat= record on > > non-compat-capable architectures? Doing so would be safer - making it > > conditional invites people to write x86-only usersapce. > > I'd certainly prefer it always being there for exactly that reason. > > Kees, Eric, any preferences? Unless I hear one, I'll just drop the > ifdefs in the next revision. I'd just leave it in unconditionally. The audit parse libraries would handle it just fine, but that doesn't mean everyone uses that tool to parse the text. -Eric
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.