Add support for audit kernel container identifiers to userspace tools.
The first and second add new record types. The third adds filter
support. The fourth and 5th start to add search support.
The last is intended for debugging and not for upstream, matching the
kernel /proc read patch.
See:
https://github.com/linux-audit/audit-userspace/issues/51
See:
https://github.com/linux-audit/audit-userspace/issues/40
See:
https://github.com/linux-audit/audit-kernel/issues/90
See:
https://github.com/linux-audit/audit-kernel/issues/91
See:
https://github.com/linux-audit/audit-testsuite/issues/64
See:
https://github.com/linux-audit/audit-kernel/wiki/RFE-Audit-Container-ID
Richard Guy Briggs (6):
AUDIT_CONTAINER_OP message type basic support
AUDIT_CONTAINER message type basic support
auditctl: add support for AUDIT_CONTID filter
add ausearch containerid support
start normalization containerid support
libaudit: add support to get the task audit container identifier
auparse/normalize_record_map.h | 1 +
docs/Makefile.am | 2 +-
docs/audit_get_containerid.3 | 25 ++++++
docs/auditctl.8 | 3 +
lib/fieldtab.h | 1 +
lib/libaudit.c | 65 ++++++++++++++
lib/libaudit.h | 16 ++++
lib/msg_typetab.h | 2 +
lib/netlink.c | 1 +
src/auditctl-listing.c | 21 +++++
src/aureport-options.c | 1 +
src/ausearch-llist.c | 2 +
src/ausearch-llist.h | 1 +
src/ausearch-match.c | 3 +
src/ausearch-options.c | 47 +++++++++-
src/ausearch-options.h | 1 +
src/ausearch-parse.c | 199 +++++++++++++++++++++++++++++++++++++++++
17 files changed, 389 insertions(+), 2 deletions(-)
create mode 100644 docs/audit_get_containerid.3
--
1.8.3.1