Audit roadmap and new development

Paul Moore paul at paul-moore.com
Sun Mar 11 19:24:19 UTC 2018


On Sun, Mar 11, 2018 at 1:44 PM, F Rafi <farhanible at gmail.com> wrote:
> So container support can be addressed by userspace changes alone, or will it
> require kernel audit subsystem updates as well?

In order to associate container identifiers with kernel-generated
audit events, kernel changes are required.  You may have seen
discussion threads about this on the list, and more recently a partial
RFC patchset from Richard Guy Briggs on this list as well.  Of course
there will likely be some additions to Steve's userspace tools to make
sense of, and interpret, the additional container identifiers in the
audit log, but I expect the bulk of changes to happen in the kernel.

There are a handful of issues in the GitHub audit-kernel issue tracker
related to this work.

> On Sun, Mar 11, 2018 at 1:08 PM Paul Moore <paul at paul-moore.com> wrote:
>>
>> On Sun, Mar 11, 2018 at 5:38 AM, Steve Grubb <sgrubb at redhat.com> wrote:
>> > Hello,
>> >
>> > I wanted to take a few minutes to chat about the future audit roadmap.
>> > The release of audit-2.8.3 represents a breaking point ...
>>
>> Just a quick note that Steve is talking about the audit userspace
>> which he maintains; the work for the Linux Kernel's audit subsystem is
>> tracked via GitHub (link below).  This includes both bug reports *and*
>> new feature requests.  If you would like to add to that list, feel
>> free to do so.  If you want to help out and contribute, definitely
>> feel free to do so! ;)
>>
>> * https://github.com/linux-audit/audit-kernel/issues
>>
>> --
>> paul moore
>> www.paul-moore.com
>>
>> --
>> Linux-audit mailing list
>> Linux-audit at redhat.com
>> https://www.redhat.com/mailman/listinfo/linux-audit

-- 
paul moore
www.paul-moore.com



