Namespaces in event records
Richard Guy Briggs
rgb at redhat.com
Tue Dec 3 12:35:27 UTC 2013
On Tue, Dec 03, 2013 at 11:24:12AM +0100, Ondrej Moris wrote:
> Hi, I am wondering if there is a way to get namespaces related to an
> audit event? There are obviously no namespace fields and I do not
> see them in the message as well. It might be important to audit a
> namespace of the process causing the event... or not?
That does sound potentially useful. I've been working on reducing some
of the restrictions caused by the introduciton of namespaces on audit,
in particular, dealing with net namespaces and pid namespaces. I'm
still looking at user namespaces with caution. I've not dealt with
mount, uts and ipc namespaces.
In particular to your concerns, I'd looked at how to identify namespaces
in debug or log output and hadn't yet come up with anything satisfying
yet.
> Ondrej Moriš, RHCSA, RHCE, RHCSS, RHCVA
- RGB
--
Richard Guy Briggs <rbriggs at redhat.com>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
More information about the Linux-audit
mailing list