On Sun, 2018-03-04 at 22:31 -0500, Richard Guy Briggs wrote:
> On 2018-03-04 16:55, Mimi Zohar wrote:
> > On Thu, 2018-03-01 at 14:41 -0500, Richard Guy Briggs wrote:
> > > Implement audit kernel container ID.
> > >
> > > This patchset is a preliminary RFC based on the proposal document (V3)
> > > posted:
> > > https://www.redhat.com/archives/linux-audit/2018-January/msg00014.html
> > >
> > > The first patch implements the proc fs write to set the audit container
> > > ID of a process, emitting an AUDIT_CONTAINER record.
> > >
> > > The second implements an auxiliary syscall record AUDIT_CONTAINER_INFO
> > > if a container ID is present on a task.
> > >
> > > The third adds filtering to the exit, exclude and user lists.
> > >
> > > The 4th, implements reading the container ID from the proc filesystem
> > > for debugging. This isn't planned for upstream inclusion.
> > >
> > > The 5th adds signal and ptrace support.
> > >
> > > The 6th attempts to create a local audit context to be able to bind a
> > > standalone record with the container ID record.
> > >
> > > The 7th, 8th, 9th, 10th patches add container ID records to standalone
> > > records. Some of these may end up being syscall auxiliary records and
> > > won't need this specific support since they'll be supported via
> > > syscalls.
> > >
> > > The 11th is a temporary workaround due to the AUDIT_CONTAINER records
> > > not showing up as do AUDIT_LOGIN records. I suspect this is due to its
> > > range (1000 vs 1300), but the intent is to solve it.
> > >
> > > The 12th adds debug information not intended for upstream for those
> > > brave souls wanting to tinker with it in this early state.
> > >
> > > Feedback please!
> >
> > Which tree can this patch set be applied to?
>
> git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git next

Thanks, that worked.

In case anyone else is trying to apply these patches to a 4.16.0-rc based
kernel, commit 4e7e3adbba52 ("Expand various INIT_* macros and remove")
moved .sessionid to init/init_task.c.

Mimi