Re: [RFC Part1 PATCH 00/20 v2] Add namespace support for audit
Hi
On 10/24/2013 03:31 PM, Gao feng wrote:
Here is the v1 patchset: http://lwn.net/Articles/549546/
The main target of this patchset is allowing user in audit
namespace to generate the USER_MSG type of audit message,
some userspace tools need to generate audit message, or
these tools will broken.
I really need this feature, right now,some process such as
logind are broken in container becase we leak of this feature.
And the login process in container may want to setup
/proc/<pid>/loginuid, right now this value is unalterable
once it being set. this will also broke the login problem
in container. After this patchset, we can reset this loginuid
to zero if task is running in a new audit namespace.
I notice this problem has been fixed in audit tree, so may be
I don't need to clean up loginuid when we create audit namespace.
And in audit tree, audit socket is per net namespace, hmm, I want
to know if anybody has a solution to allow processes to generate
USER_MSG type of audit message in un init pid/user namepsace.
Any idea? Eric,Steve,Richard?
Thanks
Gao