[PATCH][RFC] audit: log namespace inode numbers
Stephan Mueller
stephan.mueller at atsec.com
Tue Jan 7 06:07:58 UTC 2014
Am Freitag, 20. Dezember 2013, 22:32:29 schrieb Richard Guy Briggs:
Hi Richard,
>Log the namespace details of a task.
>---
>
>Does anyone have comments on this patch?
>
>I'm looking for guidance on which types of messages should have
>namespace information included. I've included too many, I suspect.
>
>I also wonder if displaying these inode numbers in hexadecimal makes
>more sense than decimal, since they are all based around 0xF0000000.
>These are all with reference to the proc filesystem, so a device
>number should not be necessary to qualify them.
I have a general question: why do you sprinkle so many callbacks to audit_log_namespace_info throughout the code? As namespaces apply only to the acting entities, i.e. the processes, wouldn't it be sufficient to only add it to audit_log_task_context? So, everywhere where the context is needed in the audit trail, we log something about the credentials of the process.
Ciao
Stephan
More information about the Linux-audit
mailing list