Re: [PATCH RFC] audit: provide namespace information in user originated records

Quoting Eric W. Biederman (ebiederm@xxxxxxxxxxxx):
> Aristeu Rozanski <arozansk@xxxxxxxxxx> writes:
> The reasons were simply that to my knowledge no one has thought through
> how audit records and namespaces make sense to interact.

It seems clear to me (perhaps wrongly :) that:

  1. auditd is a host service only.
  2. in cases where the namespace is hierarchical and resources have
     identifiers in the init namespace (i.e. pid and user ns), audit
     should simply, always, report the id in the init ns
  3. in cases where namespaces are not hierarchical (ipc, netns)
     the (ns_id, resource_id) need to be dumped.  The ns_id should
     be the inode # for the /proc/$$/ns/$namespace, since that is
     what is used for setns.

Syslog I want eventually to be namespaced.  Audit, not.

Audit is (ISTM) about LSPP and such - things which we can't talk
about in containers anyway.

-serge
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/containers
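The ns_id construction from point 3 above, as an added example that is not part of this thread or of any kernel patch: it reads the namespace inode from /proc/<pid>/ns/<name> (the same identity setns(2) operates on) and formats the (ns_id, resource_id) pair audit would have to emit for a non-hierarchical namespace. The field names are illustrative assumptions, not real audit record keys, and the code is Linux-only.

```c
/* Added example (not from the thread): derive the proposed "ns_id" for a
 * non-hierarchical namespace, i.e. the inode number of /proc/<pid>/ns/<name>.
 * Linux-only. */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Return the namespace inode for <pid>'s <name> namespace ("net", "ipc", ...),
 * cross-checked between stat(2) on the symlink target and the "net:[NNN]"
 * text returned by readlink(2). Returns 0 if unavailable or inconsistent. */
unsigned long ns_id(pid_t pid, const char *name)
{
    char path[64], link[64];
    struct stat st;
    snprintf(path, sizeof path, "/proc/%d/ns/%s", (int)pid, name);
    if (stat(path, &st) != 0)          /* follows the nsfs magic symlink */
        return 0;
    ssize_t n = readlink(path, link, sizeof link - 1);
    if (n < 0)
        return 0;
    link[n] = '\0';
    const char *lb = strchr(link, '[');
    if (!lb || strncmp(link, name, strlen(name)) != 0)
        return 0;
    unsigned long from_link = strtoul(lb + 1, NULL, 10);
    return from_link == (unsigned long)st.st_ino ? from_link : 0;
}

/* Format the (ns_id, resource_id) pair for a non-hierarchical namespace,
 * e.g. a netns inode plus an interface index. The keys are made up here. */
int ns_resource_field(char *buf, size_t len, const char *name, unsigned long ns,
                      const char *res_key, unsigned long res_id)
{
    return snprintf(buf, len, "%sns=%lu %s=%lu", name, ns, res_key, res_id);
}

int main(void)
{
    unsigned long net = ns_id(getpid(), "net"), ipc = ns_id(getpid(), "ipc");
    char buf[128];
    ns_resource_field(buf, sizeof buf, "net", net, "ifindex", 1);
    printf("%s\n", buf);               /* e.g. netns=4026531992 ifindex=1 */
    printf("ipcns=%lu\n", ipc);
    return 0;
}
```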
