Quoting Eric W. Biederman (ebiederm(a)xmission.com):
Aristeu Rozanski <arozansk(a)redhat.com> writes:
The reasons were simply that to my knowledge no one has thought through
how audit records and namespaces make sense to interact.
It seems clear to me (perhaps wrongly :) that:
1. auditd is a host service only.
2. in cases where the namespace is hierarchical and resources have
identifiers in the init namespace (i.e. pid and user ns), audit
should simply, always, report the id in the init ns
3. in cases where namespaces are not hierarchical (ipc, netns)
the (ns_id, resource_id) need to be dumped. The ns_id should
be the inode # for the /proc/$$/ns/$namespace, since that is
what is used for setns.
Syslog I want eventually to be namespaced. Audit, not.
Audit is (ISTM) about LSPP and such - things which we can't talk
about in containers anyway.
-serge
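The two reporting rules in Serge's list (init-namespace id for hierarchical namespaces, the (ns_id, resource_id) pair for flat ones, with ns_id taken from the inode of /proc/$$/ns/$namespace) can be shown with a small Python example. This is an added illustration, not code from the thread or from the kernel audit subsystem: the record field names, the `resource_fields`/`same_namespace` helpers and the sample socket inode are constructed here; only the classification of namespaces and the inode rule come from the message above.

```python
"""Added example: render namespace identity for an audit-style record the way
the thread proposes. Field names and helper names are invented here."""
import os

# From the thread: pid and user namespaces are hierarchical, so a resource has an
# id as seen from the init namespace; ipc and net are flat, so a resource is only
# unambiguous as the pair (namespace id, resource id).
HIERARCHICAL = frozenset({"pid", "user"})
FLAT = frozenset({"ipc", "net"})


def ns_inode(name, pid="self"):
    """Inode number of /proc/<pid>/ns/<name>.

    This inode is the value setns()/nsenter identify a namespace by, which is why
    the thread proposes it as ns_id. Returns None when procfs is absent, the
    kernel predates that namespace, or the caller may not follow the magic link
    (usual for other users' pids), so callers can tell "unknown" from a real id.
    """
    try:
        return os.stat(f"/proc/{pid}/ns/{name}").st_ino
    except OSError:
        return None


def same_namespace(name, pid_a="self", pid_b=1):
    """True/False if both pids' <name> namespace inodes could be read, else None.
    Comparing against pid 1 answers "is this process in the init namespace?"."""
    a, b = ns_inode(name, pid_a), ns_inode(name, pid_b)
    if a is None or b is None:
        return None
    return a == b


def resource_fields(ns_name, *, init_id=None, ns_id=None, resource_id=None):
    """Fields an audit record would carry for one resource under the two rules.

    hierarchical (pid, user): only the id as seen from the init namespace.
    flat (ipc, net):          (ns_id, resource_id), ns_id = /proc/<pid>/ns/<name> inode.
    Field names ("<ns>", "<ns>ns", "<ns>_id") are a constructed convention.
    """
    if ns_name in HIERARCHICAL:
        if init_id is None:
            raise ValueError(f"{ns_name}: need the id as seen in the init namespace")
        return {ns_name: init_id}
    if ns_name in FLAT:
        if ns_id is None or resource_id is None:
            raise ValueError(f"{ns_name}: need both ns_id and resource_id")
        return {f"{ns_name}ns": ns_id, f"{ns_name}_id": resource_id}
    raise ValueError(f"unknown namespace kind: {ns_name}")


def format_record(fields):
    """Serialize to the key=value style audit records use, in field order."""
    return " ".join(f"{k}={v}" for k, v in fields.items())


if __name__ == "__main__":
    # Constructed input: a socket with inode 12345 living in this process's netns.
    net = ns_inode("net")
    if net is not None:
        print(format_record(resource_fields("net", ns_id=net, resource_id=12345)))
        print("in init netns:", same_namespace("net"))
    # A pid is reported only by its number in the init pid namespace (4242 is made up).
    print(format_record(resource_fields("pid", init_id=4242)))
```

Run as root on a host and `same_namespace("net")` is True; run inside a container with its own netns and it is False, while a process with no permission to follow pid 1's magic link gets None rather than a misleading answer.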