Separating Container(docker) Logs
Wajih Ul Hassan
wajih.lums at gmail.com
Sat Mar 11 04:47:06 UTC 2017
Hello,
I have been using Linux Audit Module for a while now especially in the
context of container(docker) environment. I use SELinux MCS labels with
docker --selinux-enabled to separate different container logs in auditd log
stream. But this solution is very limited to SELinux enabled OS and cannot
be ported to other systems like Ubuntu which uses AppArmour. So I am
looking for some other way to separate each container logs in auditd log
stream. If somebody can give me pointers or patches that makes
auditd container aware it will be really helpful for me.
Thanks,
Wajih
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20170311/eef1764d/attachment.htm>
More information about the Linux-audit
mailing list