On Tue, Dec 31, 2019 at 2:51 PM Richard Guy Briggs <rgb@xxxxxxxxxx> wrote:
>
> Clamp the number of audit container identifiers associated with a
> network namespace to limit the netlink and disk bandwidth used and to
> prevent losing information from record text size overflow in the contid
> field.
>
> Add a configuration parameter AUDIT_STATUS_CONTID_NETNS_LIMIT (0x100)
> to set the audit container identifier netns limit. This is used to
> prevent overflow of the contid field in CONTAINER_OP and CONTAINER_ID
> messages, losing information, and to limit bandwidth used by these
> messages.
>
> This value must be balanced with the audit container identifier nesting
> depth limit to multiply out to no more than 400. This is determined by
> the total audit message length less message overhead divided by the
> length of the text representation of an audit container identifier.
>
> Signed-off-by: Richard Guy Briggs <rgb@xxxxxxxxxx>
> ---
> include/linux/audit.h | 16 +++++++----
> include/linux/nsproxy.h | 2 +-
> include/uapi/linux/audit.h | 2 ++
> kernel/audit.c | 68 ++++++++++++++++++++++++++++++++++++++--------
> kernel/audit.h | 7 +++++
> kernel/fork.c | 10 +++++--
> kernel/nsproxy.c | 27 +++++++++++++++---
> 7 files changed, 107 insertions(+), 25 deletions(-)

Similar to my comments in patch 14, let's defer this to a later time if
we need to do this at all.

--
paul moore
www.paul-moore.com