Re: [PATCH v17 09/15] seccomp: remove duplicated failure logging

[Kees Cook]

On Mon, Apr 9, 2012 at 12:26 PM, Will Drewry <wad@xxxxxxxxxxxx> wrote:
> On Fri, Apr 6, 2012 at 4:14 PM, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> wrote:
>> On Thu, 29 Mar 2012 15:01:54 -0500
>> Will Drewry <wad@xxxxxxxxxxxx> wrote:
>>
>>> From: Kees Cook <keescook@xxxxxxxxxxxx>
>>>
>>> This consolidates the seccomp filter error logging path and adds more
>>> details to the audit log.
>>>
>>> ...
>>>
>>> -void __audit_seccomp(unsigned long syscall)
>>> +void __audit_seccomp(unsigned long syscall, long signr, int code)
>>>  {
>>>       struct audit_buffer *ab;
>>>
>>>       ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_ANOM_ABEND);
>>> -     audit_log_abend(ab, "seccomp", SIGKILL);
>>> +     audit_log_abend(ab, "seccomp", signr);
>>>       audit_log_format(ab, " syscall=%ld", syscall);
>>> +#ifdef CONFIG_COMPAT
>>> +     audit_log_format(ab, " compat=%d", is_compat_task());
>>> +#endif
>>
>> We don't need the ifdef for compilation reasons now.
>>
>> The question is: should we emit the compat= record on
>> non-compat-capable architectures?  Doing so would be safer - making it
>> conditional invites people to write x86-only usersapce.
>
> I'd certainly prefer it always being there for exactly that reason.
>
> Kees, Eric, any preferences?  Unless I hear one, I'll just drop the
> ifdefs in the next revision.

Yeah, I'd prefer the ifdefs dropped too.

-Kees

-- 
Kees Cook
ChromeOS Security
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/