Unmerged patches adding audit when protected_regular/fifos sysctl causes EACCES
From: JÃrÃmie Galarneau
Date: Wed Sep 25 2019 - 14:59:15 EST
Hi Kees,
I have noticed that the two top-most patches of your protected-creat
branch were never merged upstream [1]. Those patches add audit logs
whenever the protected_regular or protected_fifo sysctl prevent the
creation of a file/fifo.
They were mentioned in the v4 thread [2] of the "main" patch and
seemed acceptable, but they were no longer mentioned in v5 [3], which
was merged.
Now that systemd enables those sysctls by default (v241+), I got
bitten pretty hard by this check and it took me a while to figure out
what was happening [4]. I ended up catching it by adding a bunch of
printk(), including where you proposed to add an audit log statement.
I just found your two patches while implementing what you proposed almost 1:1.
Was there a reason why those were abandoned? Otherwise, would you mind
resubmitting them?
Thanks!
JÃrÃmie
[1] https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/log/?h=kspp/userspace/protected-creat
[2] https://lkml.org/lkml/2018/4/10/840
[3] https://lore.kernel.org/lkml/20180416175918.GA13494@beast/
[4] https://github.com/lttng/lttng-tools/commit/cf86ff2c4ababd01fea7ab2c9c289cb7c0a1bcd5
--
JÃrÃmie Galarneau
EfficiOS Inc.
http://www.efficios.com