On Tue, 2017-10-17 at 13:15 -0400, Steve Grubb wrote:

On Tuesday, October 17, 2017 12:43:18 PM EDT Casey Schaufler wrote:

quoted

quoted

The idea is that processes spawned into a container would be
labelled by the container orchestration system.  It's unclear
what should happen to processes using nsenter after the fact, but
policy for that should be up to the orchestration system.

I'm fine with that. The user space policy can be anything y'all
like.

I think there should be a login event.

I thought you wanted this for containers?  Container creation doesn't
have login events.  In an unprivileged orchestration system it may be
hard to synthetically manufacture them.

James

_______________________________________________
Containers mailing list
Containers@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/containers