On Wed, Sep 18, 2019 at 9:27 PM Richard Guy Briggs <rgb@xxxxxxxxxx> wrote:
> Track the parent container of a container to be able to filter and
> report nesting.
>
> Now that we have a way to track and check the parent container of a
> container, fixup other patches, or squash all nesting fixes together.
>
> fixup! audit: add container id
> fixup! audit: log drop of contid on exit of last task
> fixup! audit: log container info of syscalls
> fixup! audit: add containerid filtering
> fixup! audit: NETFILTER_PKT: record each container ID associated with a netNS
> fixup! audit: convert to contid list to check for orch/engine ownership softirq (for netfilter) audit: protect contid list lock from softirq
>
> Signed-off-by: Richard Guy Briggs <rgb@xxxxxxxxxx>
> ---
>  include/linux/audit.h |  1 +
>  kernel/audit.c        | 67 ++++++++++++++++++++++++++++++++++++++++++---------
>  kernel/audit.h        |  3 +++
>  kernel/auditfilter.c  | 20 ++++++++++++++-
>  kernel/auditsc.c      |  2 +-
>  5 files changed, 79 insertions(+), 14 deletions(-)

This is my last comment of the patchset because this is where it starts to get a little weird.

I know we've talked about fixup! patches some in the past, but perhaps I didn't do a very good job communicating my point; let me try again.

Submitting a fixup patch is okay if you've already posted a (lengthy) patchset and there was a small nit that someone uncovered that needed to be fixed prior to merging; assuming everyone (this includes the reviewer, the patch author, and the maintainer) is okay with the author posting the fix as a fixup! patch, then go for it. Done this way, fixup patches can save a lot of development, testing, and review time.

However, in my opinion it is wrong to submit a patchset that has fixup patches as part of the original posting. In this case fixup patches have the opposite effect: the patchset becomes more complicated, reviews take longer, and the likelihood of missing important details increases.

When in doubt, don't submit separate fixup patches, fold them into the original patches instead.

--
paul moore
www.paul-moore.com