On Tue, Dec 31, 2019 at 2:51 PM Richard Guy Briggs <rgb(a)redhat.com> wrote:
> Clamp the number of audit container identifiers associated with a
> network namespace to limit the netlink and disk bandwidth used and to
> prevent losing information from record text size overflow in the contid
> field.
>
> Add a configuration parameter AUDIT_STATUS_CONTID_NETNS_LIMIT (0x100)
> to set the audit container identifier netns limit. This is used to
> prevent overflow of the contid field in CONTAINER_OP and CONTAINER_ID
> messages, losing information, and to limit bandwidth used by these
> messages.
>
> This value must be balanced with the audit container identifier nesting
> depth limit to multiply out to no more than 400. This is determined by
> the total audit message length less message overhead divided by the
> length of the text representation of an audit container identifier.
>
> Signed-off-by: Richard Guy Briggs <rgb(a)redhat.com>
> ---
>  include/linux/audit.h      | 16 +++++++----
>  include/linux/nsproxy.h    |  2 +-
>  include/uapi/linux/audit.h |  2 ++
>  kernel/audit.c             | 68 ++++++++++++++++++++++++++++++++++++++--------
>  kernel/audit.h             |  7 +++++
>  kernel/fork.c              | 10 +++++--
>  kernel/nsproxy.c           | 27 +++++++++++++++---
>  7 files changed, 107 insertions(+), 25 deletions(-)
Similar to my comments in patch 14, let's defer this to a later time
if we need to do this at all.
--
paul moore
www.paul-moore.com