Hi Richard, This patch has been compiled, but not runtime tested. --- If the containerid is defined, include it in the IMA-audit record. Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> --- security/integrity/ima/ima_api.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index 33b4458cdbef..41d29a06f28f 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -335,6 +335,9 @@ void ima_audit_measurement(struct integrity_iint_cache *iint, audit_log_untrustedstring(ab, algo_hash); audit_log_task_info(ab, current); + if (audit_containerid_set(current)) + audit_log_format(ab, " contid=%llu", + audit_get_containerid(current)); audit_log_end(ab); iint->flags |= IMA_AUDITED; -- 2.7.5 _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/containers
