Paul Moore
Mar 8, 2017
to Richard Guy Briggs, Cong Wang, Herbert Xu, netdev, Alexei Starovoitov, LKML, Eric Dumazet, syzkaller, linux...@redhat.com, David Miller, Dmitry Vyukov
It doesn't really matter at this point, but that argument still
doesn't make sense. Regardless of how many audit daemons we support
on the system, there is no reason to NULLify the audit netlink socket
or get additional reference counts. The audit_sock variable should
disappear and we should simply use the sock we create in the
network namespace callback; when an audit daemon connects to the
kernel we should simply record its network namespace and go from
there.
I'm testing an initial patchset that does this today, I hope to post
an initial RFC sometime this week.
Also, to clarify things a bit, my questions above were a bit
rhetorical, and mostly me venting some frustration and trying to
explain that there wasn't going to be an immediate, or small, fix for
this problem. In general, don't feel you need to make excuses for
audit; it's full of problems, we all know this, and I'm more concerned
with fixing them than I am with trying to assign blame. Assigning
blame doesn't fix anything, it just upsets people.
> The AUDIT_GET, AUDIT_LIST_RULES commands are treated
> properly since they use the per-netns audit_net struct and don't use the
> primary queue. The AUDIT_USER_* messages are converted from their
> originating namespaces ok, but which network namespace they came from
> will need to be tracked for multiple audit daemons in the future.
--
paul moore
www.paul-moore.com