From: Mateusz Piotrowski <0mp@FreeBSD.org>
To: freebsd-hackers@freebsd.org, trustedbsd-audit@freebsd.org, trustedbsd-discuss@freebsd.org
Cc: Konrad Witaszczyk, rwatson@FreeBSD.org
Subject: How to bring au_to_attr(3) back to the userland?
Date: Tue, 16 Aug 2016 00:18:40 +0200

Hello,

I participate in Google Summer of Code at FreeBSD this year. My project is
about converting Linux Audit logs to the BSM format (see my wiki[0]).

Recently, I've come across a problem with the libbsm(3) API. I'd like to be
able to generate an attribute token. Unfortunately, au_to_attr which generates
those tokens is not available in the userland (I emailed FreeBSD-hackers at
FreeBSD about this issue[1]).

Together with my mentor we came up with a few possible solutions to this
problem but we are not sure which one is the best. This is why I'd like to
discuss the pros and cons.

Solutions:

1. The first idea is to add a userland version of the au_to_attr function.
   The implementation would be similar to the one of the au_to_exec_*
   functions. (See sys/security/audit/bsm_token.c[2].)

2. The second idea is to bring back the vattr structure.
   At the moment au_to_attr has one parameter of type `struct vnode_au_info`.
   Historically, au_to_attr used `struct vattr`.
   A possible solution is to bring vattr to the userland and change the
   parameter of au_to_attr back to `struct vattr`.
   At the moment `struct vattr` is included in sys/vnode.h but it lacks the
   interface. (I summed up everything I know on this wiki page[3].)

3. The last idea is to make `struct vnode_au_info` and `au_to_attr`
   accessible from the userland (by simply unwrapping the prototypes from the
   KERNEL/_KERNEL conditional compilation macros).

Cheers,

-Mateusz

[0]: https://wiki.freebsd.org/SummerOfCode2016/NonBSMtoBSMConversionTools
[1]: https://lists.freebsd.org/pipermail/freebsd-hackers/2016-August/049835.html
[2]: https://github.com/freebsd/freebsd/blob/af3e10e5a78d3af8cef6088748978c6c612757f0/sys/security/audit/bsm_token.c#L1281-L1405
[3]: https://github.com/0mp/freebsd/wiki/vattr(99://github.com/0mp/freebsd/wiki/vattr(99)
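
As an added illustration of what option 1 in the message above involves (this is not code from the original message, FreeBSD or OpenBSM), here is a stand-alone userland encoder for a 32-bit attribute token. `struct file_attr`, `put_be` and `attr32_encode` are hypothetical names, and the field layout (ID 0x3e, 16-bit mode padded to 32 bits, uid, gid, fsid, 64-bit file ID, 32-bit device, all big-endian) is an assumption to check against the kernel's au_to_attr32 in the bsm_token.c linked at [2].

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define AUT_ATTR32       0x3e  /* token ID, as in <bsm/audit_record.h> */
#define ATTR32_TOKEN_LEN 29    /* 1 + 4 + 4 + 4 + 4 + 8 + 4 bytes */

/* Hypothetical userland stand-in for the kernel's struct vnode_au_info. */
struct file_attr {
    uint16_t mode;
    uint32_t uid, gid, fsid;
    uint64_t fileid;
    uint32_t dev;
};

/* Append the low nbytes of v in big-endian order (BSM byte order). */
static uint8_t *put_be(uint8_t *p, uint64_t v, int nbytes)
{
    for (int i = nbytes - 1; i >= 0; i--)
        *p++ = (uint8_t)(v >> (8 * i));
    return p;
}

/* Encode one attr32 token. Returns bytes written, or 0 on bad arguments. */
size_t attr32_encode(const struct file_attr *a, uint8_t *buf, size_t buflen)
{
    if (a == NULL || buf == NULL || buflen < ATTR32_TOKEN_LEN)
        return 0;
    uint8_t *p = buf;
    *p++ = AUT_ATTR32;
    p = put_be(p, 0, 2);          /* pad: mode is 16 bits, the field is 32 */
    p = put_be(p, a->mode, 2);
    p = put_be(p, a->uid, 4);
    p = put_be(p, a->gid, 4);
    p = put_be(p, a->fsid, 4);
    p = put_be(p, a->fileid, 8);
    p = put_be(p, a->dev, 4);
    return (size_t)(p - buf);
}

int main(void)
{
    /* Constructed sample: regular file, mode 0644, uid/gid 1001. */
    struct file_attr a = { 0100644, 1001, 1001, 0x11223344, 42, 0x5a };
    uint8_t buf[ATTR32_TOKEN_LEN];
    size_t n = attr32_encode(&a, buf, sizeof(buf));
    for (size_t i = 0; i < n; i++)
        printf("%02x%c", buf[i], i + 1 == n ? '\n' : ' ');
    return n == ATTR32_TOKEN_LEN ? 0 : 1;
}
```

A converter that emits records this way still has to wrap the token in a BSM header and trailer, which the encoder above does not do.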