Quoting Richard Guy Briggs (rgb@xxxxxxxxxx):
> When a task with CAP_AUDIT_CONTROL sends a NETLINK_AUDIT message of type
> AUDIT_NS_INFO with a PID of interest, dump the namespace IDs of that task to
> the audit log.
> ---
Acked-by: Serge Hallyn <serge.hallyn@xxxxxxxxxxxxx>
> kernel/audit.c | 14 ++++++++++++++
> 1 files changed, 14 insertions(+), 0 deletions(-)
>
> diff --git a/kernel/audit.c b/kernel/audit.c
> index a17a09f..cc63445 100644
> --- a/kernel/audit.c
> +++ b/kernel/audit.c
> @@ -671,6 +671,7 @@ static int audit_netlink_ok(struct sk_buff *skb, u16 msg_type)
> case AUDIT_TTY_SET:
> case AUDIT_TRIM:
> case AUDIT_MAKE_EQUIV:
> + case AUDIT_NS_INFO:
> /* Only support auditd and auditctl in initial pid namespace
> * for now. */
> if ((task_active_pid_ns(current) != &init_pid_ns))
> @@ -1068,6 +1069,19 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
> audit_log_end(ab);
> break;
> }
> + case AUDIT_NS_INFO:
> +#ifdef CONFIG_NAMESPACES
> + {
> + struct task_struct *tsk;
> +
> + rcu_read_lock();
> + tsk = find_task_by_vpid(*(pid_t *)data);
> + rcu_read_unlock();
> + audit_log_ns_info(tsk);
> + }
> +#else /* CONFIG_NAMESPACES */
> + err = -EOPNOTSUPP;
> +#endif /* CONFIG_NAMESPACES */
> default:
> err = -EINVAL;
> break;
> --
> 1.7.1
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/containers
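Review bot: In the new `case AUDIT_NS_INFO:` of audit_receive_msg, `tsk` is used after `rcu_read_unlock()` without a reference having been taken, so the task can exit and be freed before `audit_log_ns_info(tsk)` runs; the lookup result is also passed on unchecked, although find_task_by_vpid() returns NULL when no task has that PID. The case has no `break`, so it falls through to `default:` and every request, including the `-EOPNOTSUPP` path, ends up returning `-EINVAL`. The hunk also reads `*(pid_t *)data` with no visible check that the payload holds a full pid_t; unless that is validated elsewhere in the function (not shown here), a short message is read past its payload. The rewrite below pins the task while still inside the RCU section, rejects a short payload and a missing task, and ends the case with `break`; audit_receive_msg's body starts and ends outside the hunk.

```c
	case AUDIT_NS_INFO:
#ifdef CONFIG_NAMESPACES
	{
		struct task_struct *tsk;

		/* a short payload must not be read as a pid_t */
		if (nlmsg_len(nlh) < (int)sizeof(pid_t)) {
			err = -EINVAL;
			break;
		}
		rcu_read_lock();
		tsk = find_task_by_vpid(*(pid_t *)data);
		if (tsk)
			get_task_struct(tsk);	/* pin before leaving the RCU section */
		rcu_read_unlock();
		if (!tsk) {
			err = -ESRCH;
			break;
		}
		audit_log_ns_info(tsk);
		put_task_struct(tsk);
	}
	/* … unchanged: #else branch setting -EOPNOTSUPP, #endif … */
		break;
	/* … unchanged: default case … */
```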