On Sun, 2018-03-04 at 22:31 -0500, Richard Guy Briggs wrote:
On 2018-03-04 16:55, Mimi Zohar wrote:
> On Thu, 2018-03-01 at 14:41 -0500, Richard Guy Briggs wrote:
> > Implement audit kernel container ID.
> >
> > This patchset is a preliminary RFC based on the proposal document (V3)
> > posted:
> >
> > https://www.redhat.com/archives/linux-audit/2018-January/msg00014.html
> >
> > The first patch implements the proc fs write to set the audit container
> > ID of a process, emitting an AUDIT_CONTAINER record.
> >
> > The second implements an auxiliary syscall record AUDIT_CONTAINER_INFO
> > if a container ID is present on a task.
> >
> > The third adds filtering to the exit, exclude and user lists.
> >
> > The 4th implements reading the container ID from the proc filesystem
> > for debugging. This isn't planned for upstream inclusion.
> >
> > The 5th adds signal and ptrace support.
> >
> > The 6th attempts to create a local audit context to be able to bind a
> > standalone record with the container ID record.
> >
> > The 7th, 8th, 9th, 10th patches add container ID records to standalone
> > records. Some of these may end up being syscall auxiliary records and
> > won't need this specific support since they'll be supported via
> > syscalls.
> >
> > The 11th is a temporary workaround due to the AUDIT_CONTAINER records
> > not showing up as do AUDIT_LOGIN records. I suspect this is due to its
> > range (1000 vs 1300), but the intent is to solve it.
> >
> > The 12th adds debug information not intended for upstream for those
> > brave souls wanting to tinker with it in this early state.
> >
> > Feedback please!
>
> Which tree can this patch set be applied to?

git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git next

Thanks, that worked. In case anyone else is trying to apply these
patches to a 4.16.0-rc based kernel, commit 4e7e3adbba52 ("Expand
various INIT_* macros and remove") moved .sessionid
to init/init_task.c.

Mimi