Re: linux-next: manual merge of the audit tree with Linus' tree

2019-04-08 Thread Paul Moore 
On Mon, Apr 8, 2019 at 1:15 PM Dmitry V. Levin  wrote:
> On Mon, Apr 08, 2019 at 11:31:31AM +1000, Stephen Rothwell wrote:
> > Hi all,
> >
> > Today's linux-next merge of the audit tree got conflicts in:
> >
> >   arch/mips/kernel/ptrace.c
> >   kernel/seccomp.c
> >
> > between commit:
> >
> >   b35f549df1d7 ("syscalls: Remove start and number from 
> > syscall_get_arguments() args")
> >
> > from Linus' tree and commit:
> >
> >   16add411645c ("syscall_get_arch: add "struct task_struct *" argument")
> >
> > from the audit tree.
> >
> > I fixed it up (see below) and can carry the fix as necessary. This
> > is now fixed as far as linux-next is concerned, but any non trivial
> > conflicts should be mentioned to your upstream maintainer when your tree
> > is submitted for merging.  You may also want to consider cooperating
> > with the maintainer of the conflicting tree to minimise any particularly
> > complex conflicts.
>
> Thanks, the merge fix is correct.
> I've also re-tested it using the new selftests/ptrace test
> from PTRACE_GET_SYSCALL_INFO patchset.

Thanks for the verification Dmitry.

Stephen, thanks for the heads-up, I'll pass this along to Linus come merge time.

-- 
paul moore
www.paul-moore.com

Re: linux-next: manual merge of the audit tree with Linus' tree

2019-04-08 Thread Dmitry V. Levin 
On Mon, Apr 08, 2019 at 11:31:31AM +1000, Stephen Rothwell wrote:
> Hi all,
> 
> Today's linux-next merge of the audit tree got conflicts in:
> 
>   arch/mips/kernel/ptrace.c
>   kernel/seccomp.c
> 
> between commit:
> 
>   b35f549df1d7 ("syscalls: Remove start and number from 
> syscall_get_arguments() args")
> 
> from Linus' tree and commit:
> 
>   16add411645c ("syscall_get_arch: add "struct task_struct *" argument")
> 
> from the audit tree.
> 
> I fixed it up (see below) and can carry the fix as necessary. This
> is now fixed as far as linux-next is concerned, but any non trivial
> conflicts should be mentioned to your upstream maintainer when your tree
> is submitted for merging.  You may also want to consider cooperating
> with the maintainer of the conflicting tree to minimise any particularly
> complex conflicts.

Thanks, the merge fix is correct.
I've also re-tested it using the new selftests/ptrace test
from PTRACE_GET_SYSCALL_INFO patchset.


-- 
ldv


signature.asc
Description: PGP signature

Re: linux-next: manual merge of the audit tree with Linus' tree

2017-03-24 Thread Paul Moore 
On Thu, Mar 23, 2017 at 10:18 PM, Stephen Rothwell  
wrote:
> Hi Paul,
>
> Today's linux-next merge of the audit tree got a conflict in:
>
>   net/netfilter/xt_AUDIT.c
>
> between commit:
>
>   613dbd95723a ("netfilter: x_tables: move hook state into xt_action_param 
> structure")
>
> from Linus' tree and commit:
>
>   36fe46d172e5 ("audit: normalize NETFILTER_PKT")
>
> from the audit tree.
>
> I fixed it up (see below) and can carry the fix as necessary. This
> is now fixed as far as linux-next is concerned, but any non trivial
> conflicts should be mentioned to your upstream maintainer when your tree
> is submitted for merging.  You may also want to consider cooperating
> with the maintainer of the conflicting tree to minimise any particularly
> complex conflicts.
>
> P.S. You may want to consider a newer base for your tree ...

FWIW, the audit/next tree's base is old-ish for a reason; it is that
way out of awkwardness and not neglect.  Depending on how things go
today/this-weekend there are some audit patches in the queue which
will require a rebase to a much more current point in time (likely a
4.11-rcX tag, which presents its own challenges, but oh well).

-- 
paul moore
www.paul-moore.com

Re: linux-next: manual merge of the audit tree with Linus' tree

2017-03-24 Thread Paul Moore 
On Thu, Mar 23, 2017 at 10:18 PM, Stephen Rothwell  
wrote:
> Hi Paul,
>
> Today's linux-next merge of the audit tree got a conflict in:
>
>   net/netfilter/xt_AUDIT.c
>
> between commit:
>
>   613dbd95723a ("netfilter: x_tables: move hook state into xt_action_param 
> structure")
>
> from Linus' tree and commit:
>
>   36fe46d172e5 ("audit: normalize NETFILTER_PKT")
>
> from the audit tree.
>
> I fixed it up (see below) and can carry the fix as necessary. This
> is now fixed as far as linux-next is concerned, but any non trivial
> conflicts should be mentioned to your upstream maintainer when your tree
> is submitted for merging.  You may also want to consider cooperating
> with the maintainer of the conflicting tree to minimise any particularly
> complex conflicts.
>
> P.S. You may want to consider a newer base for your tree ...

FWIW, the audit/next tree's base is old-ish for a reason; it is that
way out of awkwardness and not neglect.  Depending on how things go
today/this-weekend there are some audit patches in the queue which
will require a rebase to a much more current point in time (likely a
4.11-rcX tag, which presents its own challenges, but oh well).

-- 
paul moore
www.paul-moore.com

Re: linux-next: manual merge of the audit tree with Linus' tree

2017-03-24 Thread Richard Guy Briggs 
On 2017-03-24 13:18, Stephen Rothwell wrote:
> Hi Paul,

Hi Stephen,

> Today's linux-next merge of the audit tree got a conflict in:
> 
>   net/netfilter/xt_AUDIT.c
> 
> between commit:
> 
>   613dbd95723a ("netfilter: x_tables: move hook state into xt_action_param 
> structure")
> 
> from Linus' tree and commit:
> 
>   36fe46d172e5 ("audit: normalize NETFILTER_PKT")
> 
> from the audit tree.

Lovely.  The fix looks fine to me.  Thanks!

> I fixed it up (see below) and can carry the fix as necessary. This
> is now fixed as far as linux-next is concerned, but any non trivial
> conflicts should be mentioned to your upstream maintainer when your tree
> is submitted for merging.  You may also want to consider cooperating
> with the maintainer of the conflicting tree to minimise any particularly
> complex conflicts.
> 
> P.S. You may want to consider a newer base for your tree ...
> -- 
> Cheers,
> Stephen Rothwell
> 
> diff --cc net/netfilter/xt_AUDIT.c
> index 19247a17e511,582ee54f6664..
> --- a/net/netfilter/xt_AUDIT.c
> +++ b/net/netfilter/xt_AUDIT.c
> @@@ -131,39 -78,24 +78,24 @@@ audit_tg(struct sk_buff *skb, const str
>   if (ab == NULL)
>   goto errout;
>   
> - audit_log_format(ab, "action=%hhu hook=%u len=%u inif=%s outif=%s",
> -  info->type, xt_hooknum(par), skb->len,
> -  xt_in(par) ? xt_inname(par) : "?",
> -  xt_out(par) ? xt_outname(par) : "?");
> - 
> - if (skb->mark)
> - audit_log_format(ab, " mark=%#x", skb->mark);
> - 
> - if (skb->dev && skb->dev->type == ARPHRD_ETHER) {
> - audit_log_format(ab, " smac=%pM dmac=%pM macproto=0x%04x",
> -  eth_hdr(skb)->h_source, eth_hdr(skb)->h_dest,
> -  ntohs(eth_hdr(skb)->h_proto));
> - 
> - if (xt_family(par) == NFPROTO_BRIDGE) {
> - switch (eth_hdr(skb)->h_proto) {
> - case htons(ETH_P_IP):
> - audit_ip4(ab, skb);
> - break;
> - 
> - case htons(ETH_P_IPV6):
> - audit_ip6(ab, skb);
> - break;
> - }
> - }
> - }
> + audit_log_format(ab, "mark=%#x", skb->mark);
>   
>  -switch (par->family) {
>  +switch (xt_family(par)) {
> + case NFPROTO_BRIDGE:
> + switch (eth_hdr(skb)->h_proto) {
> + case htons(ETH_P_IP):
> + fam = audit_ip4(ab, skb) ? NFPROTO_IPV4 : -1;
> + break;
> + case htons(ETH_P_IPV6):
> + fam = audit_ip6(ab, skb) ? NFPROTO_IPV6 : -1;
> + break;
> + }
> + break;
>   case NFPROTO_IPV4:
> - audit_ip4(ab, skb);
> + fam = audit_ip4(ab, skb) ? NFPROTO_IPV4 : -1;
>   break;
> - 
>   case NFPROTO_IPV6:
> - audit_ip6(ab, skb);
> + fam = audit_ip6(ab, skb) ? NFPROTO_IPV6 : -1;
>   break;
>   }
>   

- RGB

--
Richard Guy Briggs 
Kernel Security Engineering, Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635

Re: linux-next: manual merge of the audit tree with Linus' tree

2017-03-24 Thread Richard Guy Briggs 
On 2017-03-24 13:18, Stephen Rothwell wrote:
> Hi Paul,

Hi Stephen,

> Today's linux-next merge of the audit tree got a conflict in:
> 
>   net/netfilter/xt_AUDIT.c
> 
> between commit:
> 
>   613dbd95723a ("netfilter: x_tables: move hook state into xt_action_param 
> structure")
> 
> from Linus' tree and commit:
> 
>   36fe46d172e5 ("audit: normalize NETFILTER_PKT")
> 
> from the audit tree.

Lovely.  The fix looks fine to me.  Thanks!

> I fixed it up (see below) and can carry the fix as necessary. This
> is now fixed as far as linux-next is concerned, but any non trivial
> conflicts should be mentioned to your upstream maintainer when your tree
> is submitted for merging.  You may also want to consider cooperating
> with the maintainer of the conflicting tree to minimise any particularly
> complex conflicts.
> 
> P.S. You may want to consider a newer base for your tree ...
> -- 
> Cheers,
> Stephen Rothwell
> 
> diff --cc net/netfilter/xt_AUDIT.c
> index 19247a17e511,582ee54f6664..
> --- a/net/netfilter/xt_AUDIT.c
> +++ b/net/netfilter/xt_AUDIT.c
> @@@ -131,39 -78,24 +78,24 @@@ audit_tg(struct sk_buff *skb, const str
>   if (ab == NULL)
>   goto errout;
>   
> - audit_log_format(ab, "action=%hhu hook=%u len=%u inif=%s outif=%s",
> -  info->type, xt_hooknum(par), skb->len,
> -  xt_in(par) ? xt_inname(par) : "?",
> -  xt_out(par) ? xt_outname(par) : "?");
> - 
> - if (skb->mark)
> - audit_log_format(ab, " mark=%#x", skb->mark);
> - 
> - if (skb->dev && skb->dev->type == ARPHRD_ETHER) {
> - audit_log_format(ab, " smac=%pM dmac=%pM macproto=0x%04x",
> -  eth_hdr(skb)->h_source, eth_hdr(skb)->h_dest,
> -  ntohs(eth_hdr(skb)->h_proto));
> - 
> - if (xt_family(par) == NFPROTO_BRIDGE) {
> - switch (eth_hdr(skb)->h_proto) {
> - case htons(ETH_P_IP):
> - audit_ip4(ab, skb);
> - break;
> - 
> - case htons(ETH_P_IPV6):
> - audit_ip6(ab, skb);
> - break;
> - }
> - }
> - }
> + audit_log_format(ab, "mark=%#x", skb->mark);
>   
>  -switch (par->family) {
>  +switch (xt_family(par)) {
> + case NFPROTO_BRIDGE:
> + switch (eth_hdr(skb)->h_proto) {
> + case htons(ETH_P_IP):
> + fam = audit_ip4(ab, skb) ? NFPROTO_IPV4 : -1;
> + break;
> + case htons(ETH_P_IPV6):
> + fam = audit_ip6(ab, skb) ? NFPROTO_IPV6 : -1;
> + break;
> + }
> + break;
>   case NFPROTO_IPV4:
> - audit_ip4(ab, skb);
> + fam = audit_ip4(ab, skb) ? NFPROTO_IPV4 : -1;
>   break;
> - 
>   case NFPROTO_IPV6:
> - audit_ip6(ab, skb);
> + fam = audit_ip6(ab, skb) ? NFPROTO_IPV6 : -1;
>   break;
>   }
>   

- RGB

--
Richard Guy Briggs 
Kernel Security Engineering, Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635

Re: linux-next: manual merge of the audit tree with Linus' tree

2017-01-18 Thread Richard Guy Briggs 
On 2017-01-19 13:51, Stephen Rothwell wrote:
> Hi Paul,

Hi Stephen,

> Today's linux-next merge of the audit tree got a conflict in:
> 
>   include/uapi/linux/audit.h
> 
> between commits:
> 
>   7ff89ac608d9 ("audit: add exclude filter extension to feature bitmap")
>   dcdaa2f9480c ("Merge branch 'stable-4.10' of 
> git://git.infradead.org/users/pcmoore/audit")
> 
> from Linus' tree and commit:
> 
>   92c82e8a322b ("audit: add feature audit_lost reset")
> 
> from the audit tree.

This merge conflict was expected.

Your fix below looks as expected.

Thanks!  Sorry for the trouble.

> I fixed it up (see below) and can carry the fix as necessary. This
> is now fixed as far as linux-next is concerned, but any non trivial
> conflicts should be mentioned to your upstream maintainer when your tree
> is submitted for merging.  You may also want to consider cooperating
> with the maintainer of the conflicting tree to minimise any particularly
> complex conflicts.
> 
> -- 
> Cheers,
> Stephen Rothwell
> 
> diff --cc include/uapi/linux/audit.h
> index 1c107cb1c83f,3f24110ae63c..
> --- a/include/uapi/linux/audit.h
> +++ b/include/uapi/linux/audit.h
> @@@ -330,13 -331,14 +331,16 @@@ enum 
>   #define AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT  0x0001
>   #define AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME  0x0002
>   #define AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH0x0004
>  +#define AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND 0x0008
>   #define AUDIT_FEATURE_BITMAP_SESSIONID_FILTER   0x0010
> + #define AUDIT_FEATURE_BITMAP_LOST_RESET 0x0020
> + 
>   #define AUDIT_FEATURE_BITMAP_ALL (AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT | \
> AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME | \
> AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH | \
>  +  AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND | \
> -   AUDIT_FEATURE_BITMAP_SESSIONID_FILTER)
> +   AUDIT_FEATURE_BITMAP_SESSIONID_FILTER | \
> +   AUDIT_FEATURE_BITMAP_LOST_RESET)
>   
>   /* deprecated: AUDIT_VERSION_* */
>   #define AUDIT_VERSION_LATESTAUDIT_FEATURE_BITMAP_ALL

- RGB

--
Richard Guy Briggs 
Kernel Security Engineering, Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635

Re: linux-next: manual merge of the audit tree with Linus' tree

2017-01-18 Thread Richard Guy Briggs 
On 2017-01-19 13:51, Stephen Rothwell wrote:
> Hi Paul,

Hi Stephen,

> Today's linux-next merge of the audit tree got a conflict in:
> 
>   include/uapi/linux/audit.h
> 
> between commits:
> 
>   7ff89ac608d9 ("audit: add exclude filter extension to feature bitmap")
>   dcdaa2f9480c ("Merge branch 'stable-4.10' of 
> git://git.infradead.org/users/pcmoore/audit")
> 
> from Linus' tree and commit:
> 
>   92c82e8a322b ("audit: add feature audit_lost reset")
> 
> from the audit tree.

This merge conflict was expected.

Your fix below looks as expected.

Thanks!  Sorry for the trouble.

> I fixed it up (see below) and can carry the fix as necessary. This
> is now fixed as far as linux-next is concerned, but any non trivial
> conflicts should be mentioned to your upstream maintainer when your tree
> is submitted for merging.  You may also want to consider cooperating
> with the maintainer of the conflicting tree to minimise any particularly
> complex conflicts.
> 
> -- 
> Cheers,
> Stephen Rothwell
> 
> diff --cc include/uapi/linux/audit.h
> index 1c107cb1c83f,3f24110ae63c..
> --- a/include/uapi/linux/audit.h
> +++ b/include/uapi/linux/audit.h
> @@@ -330,13 -331,14 +331,16 @@@ enum 
>   #define AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT  0x0001
>   #define AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME  0x0002
>   #define AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH0x0004
>  +#define AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND 0x0008
>   #define AUDIT_FEATURE_BITMAP_SESSIONID_FILTER   0x0010
> + #define AUDIT_FEATURE_BITMAP_LOST_RESET 0x0020
> + 
>   #define AUDIT_FEATURE_BITMAP_ALL (AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT | \
> AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME | \
> AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH | \
>  +  AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND | \
> -   AUDIT_FEATURE_BITMAP_SESSIONID_FILTER)
> +   AUDIT_FEATURE_BITMAP_SESSIONID_FILTER | \
> +   AUDIT_FEATURE_BITMAP_LOST_RESET)
>   
>   /* deprecated: AUDIT_VERSION_* */
>   #define AUDIT_VERSION_LATESTAUDIT_FEATURE_BITMAP_ALL

- RGB

--
Richard Guy Briggs 
Kernel Security Engineering, Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635

Re: linux-next: manual merge of the audit tree with Linus' tree

2016-11-22 Thread Paul Moore 
On Tue, Nov 22, 2016 at 5:35 AM, Richard Guy Briggs  wrote:
> On 2016-11-22 16:29, Stephen Rothwell wrote:
>> Hi Paul,
>
> Hi Stephen,
>
>> Today's linux-next merge of the audit tree got a conflict in:
>>
>>   include/uapi/linux/audit.h
>>
>> between commit:
>>
>>   7ff89ac608d9 ("audit: add exclude filter extension to feature bitmap")
>>
>> from Linus' tree and commit:
>>
>>   0489410368df ("audit: add support for session ID user filter")
>>
>> from the audit tree.
>
> Ok, I expected this conflict...
>
>> I fixed it up (see below) and can carry the fix as necessary. This
>> is now fixed as far as linux-next is concerned, but any non trivial
>> conflicts should be mentioned to your upstream maintainer when your tree
>> is submitted for merging.  You may also want to consider cooperating
>> with the maintainer of the conflicting tree to minimise any particularly
>> complex conflicts.
>
> The fix looks as expected.  Thanks!

Yes, +1 to what Richard already said; I've had to apply similar
patches for some of my test kernels.

-- 
paul moore
www.paul-moore.com

Re: linux-next: manual merge of the audit tree with Linus' tree

2016-11-22 Thread Paul Moore 
On Tue, Nov 22, 2016 at 5:35 AM, Richard Guy Briggs  wrote:
> On 2016-11-22 16:29, Stephen Rothwell wrote:
>> Hi Paul,
>
> Hi Stephen,
>
>> Today's linux-next merge of the audit tree got a conflict in:
>>
>>   include/uapi/linux/audit.h
>>
>> between commit:
>>
>>   7ff89ac608d9 ("audit: add exclude filter extension to feature bitmap")
>>
>> from Linus' tree and commit:
>>
>>   0489410368df ("audit: add support for session ID user filter")
>>
>> from the audit tree.
>
> Ok, I expected this conflict...
>
>> I fixed it up (see below) and can carry the fix as necessary. This
>> is now fixed as far as linux-next is concerned, but any non trivial
>> conflicts should be mentioned to your upstream maintainer when your tree
>> is submitted for merging.  You may also want to consider cooperating
>> with the maintainer of the conflicting tree to minimise any particularly
>> complex conflicts.
>
> The fix looks as expected.  Thanks!

Yes, +1 to what Richard already said; I've had to apply similar
patches for some of my test kernels.

-- 
paul moore
www.paul-moore.com

Re: linux-next: manual merge of the audit tree with Linus' tree

2016-11-22 Thread Richard Guy Briggs 
On 2016-11-22 16:29, Stephen Rothwell wrote:
> Hi Paul,

Hi Stephen,

> Today's linux-next merge of the audit tree got a conflict in:
> 
>   include/uapi/linux/audit.h
> 
> between commit:
> 
>   7ff89ac608d9 ("audit: add exclude filter extension to feature bitmap")
> 
> from Linus' tree and commit:
> 
>   0489410368df ("audit: add support for session ID user filter")
> 
> from the audit tree.

Ok, I expected this conflict...

> I fixed it up (see below) and can carry the fix as necessary. This
> is now fixed as far as linux-next is concerned, but any non trivial
> conflicts should be mentioned to your upstream maintainer when your tree
> is submitted for merging.  You may also want to consider cooperating
> with the maintainer of the conflicting tree to minimise any particularly
> complex conflicts.

The fix looks as expected.  Thanks!

> Stephen Rothwell
> 
> diff --cc include/uapi/linux/audit.h
> index 208df7b44e90,c8dc97bc2c1b..
> --- a/include/uapi/linux/audit.h
> +++ b/include/uapi/linux/audit.h
> @@@ -329,11 -330,11 +330,13 @@@ enum 
>   #define AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT  0x0001
>   #define AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME  0x0002
>   #define AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH0x0004
>  +#define AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND 0x0008
> + #define AUDIT_FEATURE_BITMAP_SESSIONID_FILTER   0x0010
>   #define AUDIT_FEATURE_BITMAP_ALL (AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT | \
> AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME | \
> AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH | \
> -   AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND)
> ++  AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND | \
> +   AUDIT_FEATURE_BITMAP_SESSIONID_FILTER)
>   
>   /* deprecated: AUDIT_VERSION_* */
>   #define AUDIT_VERSION_LATESTAUDIT_FEATURE_BITMAP_ALL

- RGB

--
Richard Guy Briggs 
Kernel Security Engineering, Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635

Re: linux-next: manual merge of the audit tree with Linus' tree

2016-11-22 Thread Richard Guy Briggs 
On 2016-11-22 16:29, Stephen Rothwell wrote:
> Hi Paul,

Hi Stephen,

> Today's linux-next merge of the audit tree got a conflict in:
> 
>   include/uapi/linux/audit.h
> 
> between commit:
> 
>   7ff89ac608d9 ("audit: add exclude filter extension to feature bitmap")
> 
> from Linus' tree and commit:
> 
>   0489410368df ("audit: add support for session ID user filter")
> 
> from the audit tree.

Ok, I expected this conflict...

> I fixed it up (see below) and can carry the fix as necessary. This
> is now fixed as far as linux-next is concerned, but any non trivial
> conflicts should be mentioned to your upstream maintainer when your tree
> is submitted for merging.  You may also want to consider cooperating
> with the maintainer of the conflicting tree to minimise any particularly
> complex conflicts.

The fix looks as expected.  Thanks!

> Stephen Rothwell
> 
> diff --cc include/uapi/linux/audit.h
> index 208df7b44e90,c8dc97bc2c1b..
> --- a/include/uapi/linux/audit.h
> +++ b/include/uapi/linux/audit.h
> @@@ -329,11 -330,11 +330,13 @@@ enum 
>   #define AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT  0x0001
>   #define AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME  0x0002
>   #define AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH0x0004
>  +#define AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND 0x0008
> + #define AUDIT_FEATURE_BITMAP_SESSIONID_FILTER   0x0010
>   #define AUDIT_FEATURE_BITMAP_ALL (AUDIT_FEATURE_BITMAP_BACKLOG_LIMIT | \
> AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME | \
> AUDIT_FEATURE_BITMAP_EXECUTABLE_PATH | \
> -   AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND)
> ++  AUDIT_FEATURE_BITMAP_EXCLUDE_EXTEND | \
> +   AUDIT_FEATURE_BITMAP_SESSIONID_FILTER)
>   
>   /* deprecated: AUDIT_VERSION_* */
>   #define AUDIT_VERSION_LATESTAUDIT_FEATURE_BITMAP_ALL

- RGB

--
Richard Guy Briggs 
Kernel Security Engineering, Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635

Re: linux-next: manual merge of the audit tree with Linus' tree

2015-11-19 Thread Stephen Rothwell 
Hi Richard,

On Thu, 19 Nov 2015 13:30:12 -0500 Richard Guy Briggs  wrote:
>
> Stephen, your patch looks fine to me.  I had some minor concerns about
> deeper issues as to whether the original intent of that part of the
> audit subsystem was affected by this change, but that is WRT the
> conflicting patch rather than your merge.  After poking around a bit, I
> don't have any outstanding concerns.

Thanks for checking.
-- 
Cheers,
Stephen Rothwells...@canb.auug.org.au
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: linux-next: manual merge of the audit tree with Linus' tree

2015-11-19 Thread Richard Guy Briggs 
On 15/11/19, Paul Moore wrote:
> On Wed, Nov 18, 2015 at 8:06 PM, Stephen Rothwell  
> wrote:
> > Hi Paul,
> >
> > Today's linux-next merge of the audit tree got a conflict in:
> >
> >   kernel/audit.c
> >
> > between commit:
> >
> >   d0164adc89f6 ("mm, page_alloc: distinguish between being unable to sleep, 
> > unwilling to sleep and avoiding waking kswapd")
> >
> > from Linus' tree and commit:
> >
> >   14eeba1d242e ("audit: include auditd's threads in audit_log_start() wait 
> > exception")
> >
> > from the audit tree.
> >
> > I fixed it up (see below) and can carry the fix as necessary (no action
> > is required).
> 
> Thanks Stephen, I found the same thing yesterday while doing some
> testing; your patch looks good to me.

Stephen, your patch looks fine to me.  I had some minor concerns about
deeper issues as to whether the original intent of that part of the
audit subsystem was affected by this change, but that is WRT the
conflicting patch rather than your merge.  After poking around a bit, I
don't have any outstanding concerns.

> > diff --cc kernel/audit.c
> > index bc2ff61bc1d6,ca1b9cda2766..
> > --- a/kernel/audit.c
> > +++ b/kernel/audit.c
> > @@@ -1371,9 -1371,9 +1371,9 @@@ struct audit_buffer *audit_log_start(st
> > if (unlikely(audit_filter_type(type)))
> > return NULL;
> >
> >  -  if (gfp_mask & __GFP_WAIT) {
> >  +  if (gfp_mask & __GFP_DIRECT_RECLAIM) {
> > -   if (audit_pid && audit_pid == current->pid)
> > +   if (audit_pid && audit_pid == current->tgid)
> >  -  gfp_mask &= ~__GFP_WAIT;
> >  +  gfp_mask &= ~__GFP_DIRECT_RECLAIM;
> > else
> > reserve = 0;
> > }
> 
> paul moore

- RGB

--
Richard Guy Briggs 
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red 
Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: linux-next: manual merge of the audit tree with Linus' tree

2015-11-19 Thread Paul Moore 
On Wed, Nov 18, 2015 at 8:06 PM, Stephen Rothwell  wrote:
> Hi Paul,
>
> Today's linux-next merge of the audit tree got a conflict in:
>
>   kernel/audit.c
>
> between commit:
>
>   d0164adc89f6 ("mm, page_alloc: distinguish between being unable to sleep, 
> unwilling to sleep and avoiding waking kswapd")
>
> from Linus' tree and commit:
>
>   14eeba1d242e ("audit: include auditd's threads in audit_log_start() wait 
> exception")
>
> from the audit tree.
>
> I fixed it up (see below) and can carry the fix as necessary (no action
> is required).

Thanks Stephen, I found the same thing yesterday while doing some
testing; your patch looks good to me.

> diff --cc kernel/audit.c
> index bc2ff61bc1d6,ca1b9cda2766..
> --- a/kernel/audit.c
> +++ b/kernel/audit.c
> @@@ -1371,9 -1371,9 +1371,9 @@@ struct audit_buffer *audit_log_start(st
> if (unlikely(audit_filter_type(type)))
> return NULL;
>
>  -  if (gfp_mask & __GFP_WAIT) {
>  +  if (gfp_mask & __GFP_DIRECT_RECLAIM) {
> -   if (audit_pid && audit_pid == current->pid)
> +   if (audit_pid && audit_pid == current->tgid)
>  -  gfp_mask &= ~__GFP_WAIT;
>  +  gfp_mask &= ~__GFP_DIRECT_RECLAIM;
> else
> reserve = 0;
> }



-- 
paul moore
www.paul-moore.com
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: linux-next: manual merge of the audit tree with Linus' tree

2015-11-19 Thread Richard Guy Briggs 
On 15/11/19, Paul Moore wrote:
> On Wed, Nov 18, 2015 at 8:06 PM, Stephen Rothwell  
> wrote:
> > Hi Paul,
> >
> > Today's linux-next merge of the audit tree got a conflict in:
> >
> >   kernel/audit.c
> >
> > between commit:
> >
> >   d0164adc89f6 ("mm, page_alloc: distinguish between being unable to sleep, 
> > unwilling to sleep and avoiding waking kswapd")
> >
> > from Linus' tree and commit:
> >
> >   14eeba1d242e ("audit: include auditd's threads in audit_log_start() wait 
> > exception")
> >
> > from the audit tree.
> >
> > I fixed it up (see below) and can carry the fix as necessary (no action
> > is required).
> 
> Thanks Stephen, I found the same thing yesterday while doing some
> testing; your patch looks good to me.

Stephen, your patch looks fine to me.  I had some minor concerns about
deeper issues as to whether the original intent of that part of the
audit subsystem was affected by this change, but that is WRT the
conflicting patch rather than your merge.  After poking around a bit, I
don't have any outstanding concerns.

> > diff --cc kernel/audit.c
> > index bc2ff61bc1d6,ca1b9cda2766..
> > --- a/kernel/audit.c
> > +++ b/kernel/audit.c
> > @@@ -1371,9 -1371,9 +1371,9 @@@ struct audit_buffer *audit_log_start(st
> > if (unlikely(audit_filter_type(type)))
> > return NULL;
> >
> >  -  if (gfp_mask & __GFP_WAIT) {
> >  +  if (gfp_mask & __GFP_DIRECT_RECLAIM) {
> > -   if (audit_pid && audit_pid == current->pid)
> > +   if (audit_pid && audit_pid == current->tgid)
> >  -  gfp_mask &= ~__GFP_WAIT;
> >  +  gfp_mask &= ~__GFP_DIRECT_RECLAIM;
> > else
> > reserve = 0;
> > }
> 
> paul moore

- RGB

--
Richard Guy Briggs 
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red 
Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: linux-next: manual merge of the audit tree with Linus' tree

2015-11-19 Thread Stephen Rothwell 
Hi Richard,

On Thu, 19 Nov 2015 13:30:12 -0500 Richard Guy Briggs  wrote:
>
> Stephen, your patch looks fine to me.  I had some minor concerns about
> deeper issues as to whether the original intent of that part of the
> audit subsystem was affected by this change, but that is WRT the
> conflicting patch rather than your merge.  After poking around a bit, I
> don't have any outstanding concerns.

Thanks for checking.
-- 
Cheers,
Stephen Rothwells...@canb.auug.org.au
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: linux-next: manual merge of the audit tree with Linus' tree

2015-11-19 Thread Paul Moore 
On Wed, Nov 18, 2015 at 8:06 PM, Stephen Rothwell  wrote:
> Hi Paul,
>
> Today's linux-next merge of the audit tree got a conflict in:
>
>   kernel/audit.c
>
> between commit:
>
>   d0164adc89f6 ("mm, page_alloc: distinguish between being unable to sleep, 
> unwilling to sleep and avoiding waking kswapd")
>
> from Linus' tree and commit:
>
>   14eeba1d242e ("audit: include auditd's threads in audit_log_start() wait 
> exception")
>
> from the audit tree.
>
> I fixed it up (see below) and can carry the fix as necessary (no action
> is required).

Thanks Stephen, I found the same thing yesterday while doing some
testing; your patch looks good to me.

> diff --cc kernel/audit.c
> index bc2ff61bc1d6,ca1b9cda2766..
> --- a/kernel/audit.c
> +++ b/kernel/audit.c
> @@@ -1371,9 -1371,9 +1371,9 @@@ struct audit_buffer *audit_log_start(st
> if (unlikely(audit_filter_type(type)))
> return NULL;
>
>  -  if (gfp_mask & __GFP_WAIT) {
>  +  if (gfp_mask & __GFP_DIRECT_RECLAIM) {
> -   if (audit_pid && audit_pid == current->pid)
> +   if (audit_pid && audit_pid == current->tgid)
>  -  gfp_mask &= ~__GFP_WAIT;
>  +  gfp_mask &= ~__GFP_DIRECT_RECLAIM;
> else
> reserve = 0;
> }



-- 
paul moore
www.paul-moore.com
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: linux-next: manual merge of the audit tree with Linus' tree

2015-10-06 Thread Paul Moore 
On Tuesday, October 06, 2015 01:55:01 PM Stephen Rothwell wrote:
> Hi Paul,
> 
> Today's linux-next merge of the audit tree got a conflict in:
> 
>   include/linux/lsm_audit.h
> 
> between commit:
> 
>   671a2781ff01 ("security: add ioctl specific auditing to lsm_audit")
> 
> from Linus' tree and commit:
> 
>   43cfd5e38587 ("audit: constify parts of common_audit_data and
> lsm_network_audit")
> 
> from the audit tree.
> 
> I fixed it up (see below) and can carry the fix as necessary (no action
> is required).

Thanks, that patch looks correct, although I'm going to drop the patch causing 
this problem for the time being as there are some oddities with the build 
warning that you posted which aren't immediately obvious to me.  Something 
weird is causing it to work in audit#next but throw a warning when applied on 
top of Linus' current ... I'll reapply the patch once I've resolved the issue.

-- 
paul moore
www.paul-moore.com

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: linux-next: manual merge of the audit tree with Linus' tree

2015-10-06 Thread Paul Moore 
On Tuesday, October 06, 2015 01:55:01 PM Stephen Rothwell wrote:
> Hi Paul,
> 
> Today's linux-next merge of the audit tree got a conflict in:
> 
>   include/linux/lsm_audit.h
> 
> between commit:
> 
>   671a2781ff01 ("security: add ioctl specific auditing to lsm_audit")
> 
> from Linus' tree and commit:
> 
>   43cfd5e38587 ("audit: constify parts of common_audit_data and
> lsm_network_audit")
> 
> from the audit tree.
> 
> I fixed it up (see below) and can carry the fix as necessary (no action
> is required).

Thanks, that patch looks correct, although I'm going to drop the patch causing 
this problem for the time being as there are some oddities with the build 
warning that you posted which aren't immediately obvious to me.  Something 
weird is causing it to work in audit#next but throw a warning when applied on 
top of Linus' current ... I'll reapply the patch once I've resolved the issue.

-- 
paul moore
www.paul-moore.com

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: linux-next: manual merge of the audit tree with Linus' tree

2015-08-07 Thread Richard Guy Briggs 
On 15/08/07, Stephen Rothwell wrote:
> Hi Paul,

Hi Stephen,

> Today's linux-next merge of the audit tree got a conflict in:
> 
>   kernel/audit.c
> 
> between commit:
> 
>   5985de6754a6 ("audit: code clean up")
> 
> from Linus' tree and commit:
> 
>   84cb777e6781 ("audit: use macros for unset inode and device values")
> 
> from the audit tree.
> 
> I fixed it up (see below) and can carry the fix as necessary (no action
> is required).

Yup, looks good, thanks!  :)

> -- 
> Cheers,
> Stephen Rothwells...@canb.auug.org.au
> 
> diff --cc kernel/audit.c
> index f9e6065346db,060153dc47d4..
> --- a/kernel/audit.c
> +++ b/kernel/audit.c
> @@@ -1761,7 -1759,7 +1761,7 @@@ void audit_log_name(struct audit_contex
>   } else
>   audit_log_format(ab, " name=(null)");
>   
> - if (n->ino != (unsigned long)-1)
>  -if (n->ino != AUDIT_INO_UNSET) {
> ++if (n->ino != AUDIT_INO_UNSET)
>   audit_log_format(ab, " inode=%lu"
>" dev=%02x:%02x mode=%#ho"
>" ouid=%u ogid=%u rdev=%02x:%02x",

- RGB

--
Richard Guy Briggs 
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red 
Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: linux-next: manual merge of the audit tree with Linus' tree

2015-08-07 Thread Richard Guy Briggs 
On 15/08/07, Stephen Rothwell wrote:
 Hi Paul,

Hi Stephen,

 Today's linux-next merge of the audit tree got a conflict in:
 
   kernel/audit.c
 
 between commit:
 
   5985de6754a6 (audit: code clean up)
 
 from Linus' tree and commit:
 
   84cb777e6781 (audit: use macros for unset inode and device values)
 
 from the audit tree.
 
 I fixed it up (see below) and can carry the fix as necessary (no action
 is required).

Yup, looks good, thanks!  :)

 -- 
 Cheers,
 Stephen Rothwells...@canb.auug.org.au
 
 diff --cc kernel/audit.c
 index f9e6065346db,060153dc47d4..
 --- a/kernel/audit.c
 +++ b/kernel/audit.c
 @@@ -1761,7 -1759,7 +1761,7 @@@ void audit_log_name(struct audit_contex
   } else
   audit_log_format(ab,  name=(null));
   
 - if (n-ino != (unsigned long)-1)
  -if (n-ino != AUDIT_INO_UNSET) {
 ++if (n-ino != AUDIT_INO_UNSET)
   audit_log_format(ab,  inode=%lu
 dev=%02x:%02x mode=%#ho
 ouid=%u ogid=%u rdev=%02x:%02x,

- RGB

--
Richard Guy Briggs rbri...@redhat.com
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red 
Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: linux-next: manual merge of the audit tree with Linus' tree

2015-06-01 Thread Richard Guy Briggs 
On 15/06/01, Stephen Rothwell wrote:
> Hi Paul,
> 
> Today's linux-next merge of the audit tree got a conflict in
> security/lsm_audit.c between commit 5deeb5cece3f ("lsm: copy comm
> before calling audit_log to avoid race in string printing") from Linus'
> tree and commit 5c5bc97e2fc8 ("lsm: rename duplicate labels in
> LSM_AUDIT_DATA_TASK audit message type") from the audit tree.
> 
> I fixed it up (see below) and can carry the fix as necessary (no action
> is required).

Perfect, thanks, fix looks right.  Cheers!

> Stephen Rothwells...@canb.auug.org.au
> 
> diff --cc security/lsm_audit.c
> index 1d34277dc402,07fc99724d41..
> --- a/security/lsm_audit.c
> +++ b/security/lsm_audit.c
> @@@ -281,10 -281,8 +281,10 @@@ static void dump_common_audit_data(stru
>   if (tsk) {
>   pid_t pid = task_pid_nr(tsk);
>   if (pid) {
>  +char comm[sizeof(tsk->comm)];
> - audit_log_format(ab, " pid=%d comm=", pid);
> + audit_log_format(ab, " opid=%d ocomm=", pid);
>  -audit_log_untrustedstring(ab, tsk->comm);
>  +audit_log_untrustedstring(ab,
>  +memcpy(comm, tsk->comm, sizeof(comm)));
>   }
>   }
>   break;



- RGB

--
Richard Guy Briggs 
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red 
Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: linux-next: manual merge of the audit tree with Linus' tree

2015-06-01 Thread Richard Guy Briggs 
On 15/06/01, Stephen Rothwell wrote:
 Hi Paul,
 
 Today's linux-next merge of the audit tree got a conflict in
 security/lsm_audit.c between commit 5deeb5cece3f (lsm: copy comm
 before calling audit_log to avoid race in string printing) from Linus'
 tree and commit 5c5bc97e2fc8 (lsm: rename duplicate labels in
 LSM_AUDIT_DATA_TASK audit message type) from the audit tree.
 
 I fixed it up (see below) and can carry the fix as necessary (no action
 is required).

Perfect, thanks, fix looks right.  Cheers!

 Stephen Rothwells...@canb.auug.org.au
 
 diff --cc security/lsm_audit.c
 index 1d34277dc402,07fc99724d41..
 --- a/security/lsm_audit.c
 +++ b/security/lsm_audit.c
 @@@ -281,10 -281,8 +281,10 @@@ static void dump_common_audit_data(stru
   if (tsk) {
   pid_t pid = task_pid_nr(tsk);
   if (pid) {
  +char comm[sizeof(tsk-comm)];
 - audit_log_format(ab,  pid=%d comm=, pid);
 + audit_log_format(ab,  opid=%d ocomm=, pid);
  -audit_log_untrustedstring(ab, tsk-comm);
  +audit_log_untrustedstring(ab,
  +memcpy(comm, tsk-comm, sizeof(comm)));
   }
   }
   break;



- RGB

--
Richard Guy Briggs rbri...@redhat.com
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red 
Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: linux-next: manual merge of the audit tree with Linus' tree

2015-01-20 Thread Paul Moore 
On Mon, Jan 19, 2015 at 11:04 PM, Stephen Rothwell  
wrote:
> Hi Paul,
>
> Today's linux-next merge of the audit tree got a conflict in
> include/linux/audit.h between commit 041d7b98ffe5 ("audit: restore
> AUDIT_LOGINUID unset ABI") from Linus' tree and commit e80da768eae4
> ("audit: remove vestiges of vers_ops") from the audit tree.

I suspect rebasing the audit next branch will resolve this issue as well.

-- 
paul moore
www.paul-moore.com
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: linux-next: manual merge of the audit tree with Linus' tree

2015-01-20 Thread Paul Moore 
On Mon, Jan 19, 2015 at 11:04 PM, Stephen Rothwell s...@canb.auug.org.au 
wrote:
 Hi Paul,

 Today's linux-next merge of the audit tree got a conflict in
 include/linux/audit.h between commit 041d7b98ffe5 (audit: restore
 AUDIT_LOGINUID unset ABI) from Linus' tree and commit e80da768eae4
 (audit: remove vestiges of vers_ops) from the audit tree.

I suspect rebasing the audit next branch will resolve this issue as well.

-- 
paul moore
www.paul-moore.com
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: linux-next: manual merge of the audit tree with Linus' tree

2014-04-16 Thread Eric Paris 
On Wed, 2014-04-16 at 14:02 +1000, Stephen Rothwell wrote:

> You could have avoided this by doing a fast forward merge of v3.15-rc1
> instead of the v3.14 merge (since everything in your tree before that
> merge was also in Linus' tree by v3.15-rc1).

This is a situation I've never really known the right way to handle.  I
certainly could/can fast forward to 3.15-rc1, but then I have a random
crap development base for the audit tree.  Which is especially bad sine
-rc1 doesn't even boot on my main machine.

What I've always done is to merge the last release right after the pull
and go from there, but it clearly leaves conflict potential

Which is preferred?  I've always enjoyed having my trees based on a
release

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: linux-next: manual merge of the audit tree with Linus' tree

2014-04-16 Thread Eric Paris 
On Wed, 2014-04-16 at 14:02 +1000, Stephen Rothwell wrote:

 You could have avoided this by doing a fast forward merge of v3.15-rc1
 instead of the v3.14 merge (since everything in your tree before that
 merge was also in Linus' tree by v3.15-rc1).

This is a situation I've never really known the right way to handle.  I
certainly could/can fast forward to 3.15-rc1, but then I have a random
crap development base for the audit tree.  Which is especially bad sine
-rc1 doesn't even boot on my main machine.

What I've always done is to merge the last release right after the pull
and go from there, but it clearly leaves conflict potential

Which is preferred?  I've always enjoyed having my trees based on a
release

--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: linux-next: manual merge of the audit tree with Linus' tree

2014-04-01 Thread Stephen Rothwell 
Hi Richard,

On Tue, 1 Apr 2014 08:54:13 -0400 Richard Guy Briggs  wrote:
>
> > [Eric: that audit tree commit has no Signed-off-by from you even though
> > you committed it ... there are a few like that]
> 
> I added my Signed-off to the list posting.

The point is that Eric (Paris) committed your patch to his "audit" tree
(at least the commit in his tree indicates that he was the committer) and
(presumably) will ask Linus to pull his tree, but did not add his
Signed-off-by to the commit (which he should have done).

-- 
Cheers,
Stephen Rothwells...@canb.auug.org.au


pgp2E7KNcWauN.pgp
Description: PGP signature

Re: linux-next: manual merge of the audit tree with Linus' tree

2014-04-01 Thread Richard Guy Briggs 
On 14/04/01, Stephen Rothwell wrote:
> Hi Eric,

Hi Stephen,

> Today's linux-next merge of the audit tree got a conflict in
> kernel/audit.c between commit aa4af831bb4f ("AUDIT: Allow login in
> non-init namespaces") from Linus' tree and commit 5a3cb3b6c3a0 ("audit:
> allow user processes to log from another PID namespace") from the audit
> tree.
> 
> I fixed it up (see below) and can carry the fix as necessary (no action
> is required).

I expected this conflict.  Thanks for fixing it up!

> [Eric: that audit tree commit has no Signed-off-by from you even though
> you committed it ... there are a few like that]

I added my Signed-off to the list posting.

> -- 
> Cheers,
> Stephen Rothwells...@canb.auug.org.au
> 
> diff --cc kernel/audit.c
> index 95a20f3f52f1,ad77d1e80895..
> --- a/kernel/audit.c
> +++ b/kernel/audit.c
> @@@ -607,20 -607,9 +607,19 @@@ static int audit_netlink_ok(struct sk_b
>   {
>   int err = 0;
>   
> - /* Only support the initial namespaces for now. */
> + /* Only support initial user namespace for now. */
>  +/*
>  + * We return ECONNREFUSED because it tricks userspace into thinking
>  + * that audit was not configured into the kernel.  Lots of users
>  + * configure their PAM stack (because that's what the distro does)
>  + * to reject login if unable to send messages to audit.  If we return
>  + * ECONNREFUSED the PAM stack thinks the kernel does not have audit
>  + * configured in and will let login proceed.  If we return EPERM
>  + * userspace will reject all logins.  This should be removed when we
>  + * support non init namespaces!!
>  + */
> - if ((current_user_ns() != _user_ns) ||
> - (task_active_pid_ns(current) != _pid_ns))
> + if ((current_user_ns() != _user_ns))
>  -return -EPERM;
>  +return -ECONNREFUSED;
>   
>   switch (msg_type) {
>   case AUDIT_LIST:



- RGB

--
Richard Guy Briggs 
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red 
Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: linux-next: manual merge of the audit tree with Linus' tree

2014-04-01 Thread Richard Guy Briggs 
On 14/04/01, Stephen Rothwell wrote:
 Hi Eric,

Hi Stephen,

 Today's linux-next merge of the audit tree got a conflict in
 kernel/audit.c between commit aa4af831bb4f (AUDIT: Allow login in
 non-init namespaces) from Linus' tree and commit 5a3cb3b6c3a0 (audit:
 allow user processes to log from another PID namespace) from the audit
 tree.
 
 I fixed it up (see below) and can carry the fix as necessary (no action
 is required).

I expected this conflict.  Thanks for fixing it up!

 [Eric: that audit tree commit has no Signed-off-by from you even though
 you committed it ... there are a few like that]

I added my Signed-off to the list posting.

 -- 
 Cheers,
 Stephen Rothwells...@canb.auug.org.au
 
 diff --cc kernel/audit.c
 index 95a20f3f52f1,ad77d1e80895..
 --- a/kernel/audit.c
 +++ b/kernel/audit.c
 @@@ -607,20 -607,9 +607,19 @@@ static int audit_netlink_ok(struct sk_b
   {
   int err = 0;
   
 - /* Only support the initial namespaces for now. */
 + /* Only support initial user namespace for now. */
  +/*
  + * We return ECONNREFUSED because it tricks userspace into thinking
  + * that audit was not configured into the kernel.  Lots of users
  + * configure their PAM stack (because that's what the distro does)
  + * to reject login if unable to send messages to audit.  If we return
  + * ECONNREFUSED the PAM stack thinks the kernel does not have audit
  + * configured in and will let login proceed.  If we return EPERM
  + * userspace will reject all logins.  This should be removed when we
  + * support non init namespaces!!
  + */
 - if ((current_user_ns() != init_user_ns) ||
 - (task_active_pid_ns(current) != init_pid_ns))
 + if ((current_user_ns() != init_user_ns))
  -return -EPERM;
  +return -ECONNREFUSED;
   
   switch (msg_type) {
   case AUDIT_LIST:



- RGB

--
Richard Guy Briggs rbri...@redhat.com
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red 
Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: linux-next: manual merge of the audit tree with Linus' tree

2014-04-01 Thread Stephen Rothwell 
Hi Richard,

On Tue, 1 Apr 2014 08:54:13 -0400 Richard Guy Briggs r...@redhat.com wrote:

  [Eric: that audit tree commit has no Signed-off-by from you even though
  you committed it ... there are a few like that]
 
 I added my Signed-off to the list posting.

The point is that Eric (Paris) committed your patch to his audit tree
(at least the commit in his tree indicates that he was the committer) and
(presumably) will ask Linus to pull his tree, but did not add his
Signed-off-by to the commit (which he should have done).

-- 
Cheers,
Stephen Rothwells...@canb.auug.org.au


pgp2E7KNcWauN.pgp
Description: PGP signature