Thread: 81 messages, 8 authors, 2019-07-18

Re: [PATCH ghak90 V6 00/10] audit: implement container identifier

From: Paul Moore <paul@paul-moore.com>
Date: 2019-05-29 13:15:01
Also in: linux-fsdevel, lkml, netdev, netfilter-devel

On Tue, May 28, 2019 at 8:44 PM Richard Guy Briggs [off-list ref] wrote:
> On 2019-05-28 19:00, Steve Grubb wrote:
> > On Tuesday, May 28, 2019 6:26:47 PM EDT Paul Moore wrote:
> > > On Tue, May 28, 2019 at 5:54 PM Daniel Walsh [off-list ref] wrote:
> > > ...
> > > > Mrunal Patel (maintainer of CRI-O) and I have reviewed the API, and
> > > > believe this is something we can work on in the container runtimes team
> > > > to implement the container auditing code in CRI-O and Podman.
> > > Thanks Dan.  If I pulled this into a branch and built you some test
> > > kernels to play with, any idea how long it might take to get a proof
> > > of concept working on the cri-o side?
> > We'd need to merge user space patches and let them use that instead of the
> > raw interface. I'm not going to merge user space until we are pretty sure the
> > patch is going into the kernel.
> I have an f29 test rpm of the userspace bits if that helps for testing:
>         http://people.redhat.com/~rbriggs/ghak90/git-1db7e21/
>
> Here's what it contains (minus the last patch):
>         https://github.com/linux-audit/audit-userspace/compare/master...rgbriggs:ghau40-containerid-filter.v7.0

Yes, exactly.  Just as I plan to start making some test kernels for
people to play with (assuming v6 looks okay), I think it would be good
if Steve could make a test build of the latest audit userspace with
the audit container ID patches.  It really shouldn't be that hard, and
the benefits should far outweigh any time spent generating the
tree/builds.

-- 
paul moore
www.paul-moore.com