[PATCH] audit: add nspid and nsppid in audit_log_task_info
Paul Moore
pmoore at redhat.com
Thu Dec 4 16:43:57 UTC 2014
On Wednesday, December 03, 2014 10:14:32 PM Richard Guy Briggs wrote:
> On 14/12/03, Paul Moore wrote:
> > On Sunday, November 23, 2014 09:58:48 AM Eric Paris wrote:
> > > [forwarding to 2 people looking at audit now, do you mind resending to
> > > linux-audit at redhat.com and inluding them both?]
> >
> > I'm also adding the linux-audit list to the CC line.
> >
> > I know Richard has been working on namespaces/audit, I'd like to hear his
> > comments on this patch.
>
> At first when I saw this, I wondered if it was even necessary, thinking
> that information should either be irrelevant, or available elsewhere.
>
> Given that it could be several nested pid namespaces, it may even be
> incomplete.
Okay, thanks for the input. It doesn't look like this is something we want to
merge at this point.
> The most obvious one is that of vanishing fields in audit log messages
> which concerns Steve Grubb. If we fixed the ordering issue, vanishing
> fields should no longer be a concern.
Yes, this is just one more reason why we need to rework the audit record
format. I've got more ideas on this since we last talked on-list, but I've
had to shelve things a bit to deal with the audit bugs.
However, make no mistake, the audit record format will be changing, this fixed
string format is garbage.
--
paul moore
security and virtualization @ redhat
More information about the Linux-audit
mailing list