On Sun, 2018-03-04 at 22:31 -0500, Richard Guy Briggs wrote:

On 2018-03-04 16:55, Mimi Zohar wrote:

quoted

On Thu, 2018-03-01 at 14:41 -0500, Richard Guy Briggs wrote:

quoted

Implement audit kernel container ID.

This patchset is a preliminary RFC based on the proposal document (V3)
posted:
	https://www.redhat.com/archives/linux-audit/2018-January/msg00014.html

The first patch implements the proc fs write to set the audit container
ID of a process, emitting an AUDIT_CONTAINER record.

The second implements an auxiliary syscall record AUDIT_CONTAINER_INFO
if a container ID is present on a task.

The third adds filtering to the exit, exclude and user lists.

The 4th, implements reading the container ID from the proc filesystem
for debugging.  This isn't planned for upstream inclusion.

The 5th adds signal and ptrace support.

The 6th attempts to create a local audit context to be able to bind a
standalone record with the container ID record.

The 7th, 8th, 9th, 10th patches add container ID records to standalone
records.  Some of these may end up being syscall auxiliary records and
won't need this specific support since they'll be supported via
syscalls.

The 11th is a temporary workaround due to the AUDIT_CONTAINER records
not showing up as do AUDIT_LOGIN records.  I suspect this is due to its
range (1000 vs 1300), but the intent is to solve it.

The 12th adds debug information not intended for upstream for those
brave souls wanting to tinker with it in this early state.

Feedback please!

Which tree can this patch set be applied to?

git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git next

Thanks, that worked.  In case anyone else is trying to apply these
patches to a 4.16.0-rc based kernel, commit 4e7e3adbba52 ("Expand
various INIT_* macros and remove") moved .sessionid
to init/init_task.c.

Mimi

_______________________________________________
Containers mailing list
Containers@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/containers