[PATCH V6 05/10] audit: log creation and deletion of namespace instances

LC Bruzenak lenny at magitekltd.com
Thu May 14 15:12:44 UTC 2015


On 05/14/2015 09:57 AM, Steve Grubb wrote:
> Also, if the host OS cannot make sense of the information being logged because
> the pid maps to another process name, or a uid maps to another user, or a file
> access maps to something not in the host's, then we need the container to do
> its own auditing and resolve these mappings and optionally pass these to an
> aggregation server.
>
> Nothing else makes sense.
+1

Except, being that it IS a container, I'd say that for anyone who cares
about the audited data, the passing to an aggregation server would not
be optional.
At least not for any use-case I can envision.

LCB

-- 
LC (Lenny) Bruzenak
lenny at magitekltd.com

