Hi, Richard
On 07/17/2013 04:32 AM, Richard Guy Briggs wrote:
> Convert audit from only listening in init_net to use register_pernet_subsys()
> to dynamically manage the netlink socket list.
>
> Signed-off-by: Richard Guy Briggs <rgb(a)redhat.com>
> ---
Right now audit still can't be used in an uninit pid/user namespace.
Consider this: when a user in an uninit pid/user namespace is allowed
to set up/run the audit subsystem, since the kernel thread always runs
in the init pid namespace, we can't get the right net namespace through
get_net_ns_by_pid, so the audit information will be sent to the incorrect
net namespace by the kernel thread.
In my opinion, this patch is limited and not extensible.

Maybe you should check the patchset "[Part1 PATCH 00/22] Add namespace support for
audit" that I sent on 06/19/2013. In my solution, the audit kernel-side netlink
sockets belong to the user namespace, and the user-space audit netlink sockets
find the audit kernel socket through current_net_ns()->user_ns->audit.sock.

The "[PATCH 04/22] netlink: Add compare function for netlink_table" of this
patchset has been merged into the linux mainline. I think if you look at my
patchset, you will find that [PATCH 03/22] and [PATCH 05/22] achieve the same
aim as your patch.
Thanks!