On Sat, Nov 27, 2021 at 04:45:47PM +0000, James Bottomley wrote: > As a precursor to namespacing IMA a way of uniquely identifying the > namespace to appear in the IMA log is needed. This log may be > transported away from the running system and may be analyzed even > after the system has been rebooted. Thus we need a way of identifying > namespaces in the log which is unique. UUID, being designed > probabilistically never to repeat, fits this bill so add it to the > user_namespace which we'll also use for namespacing IMA. If the logs run across 5 boots, is it important to you that the uuid be unique across all 5 boots? Would it suffice to have a per-boot unique count and report that plus some indicator of the current boot (like boot time in jiffies)?
