[PATCH] audit: listen in all network namespaces

Gao feng gaofeng at cn.fujitsu.com
Wed Jul 17 03:54:21 UTC 2013


Hi, Richard

On 07/17/2013 04:32 AM, Richard Guy Briggs wrote:
> Convert audit from only listening in init_net to use register_pernet_subsys()
> to dynamically manage the netlink socket list.
> 
> Signed-off-by: Richard Guy Briggs <rgb at redhat.com>
> ---


Right now audit still can't be used in an uninit pid/user namespace.
Consider this: when a user in an uninit pid/user namespace is allowed
to set up/run the audit subsystem, since the kernel thread always runs
in the init pid namespace, we can't get the right net namespace through
get_net_ns_by_pid. The audit information will be sent to the incorrect
net namespace by the kernel thread.

In my opinion, this patch is limited and not extensible.

Maybe you should check the patchset "[Part1 PATCH 00/22] Add namespace support for audit"
that I sent on 06/19/2013. In my solution, the audit kernel-side netlink sockets belong
to the user namespace, and the user-space audit netlink sockets will find the audit
kernel socket through current_net_ns()->user_ns->audit.sock.

The "[PATCH 04/22] netlink: Add compare function for netlink_table" of this patchset
has been merged into Linux mainline. I think if you look at my patchset, you will find
that [PATCH 03/22] and [PATCH 05/22] achieve the same aim as your patch.

Thanks!
