Re: [PATCH ghak122 v1] audit: store event sockaddr in case of no rules

On Mon, Jul 13, 2020 at 7:09 PM Casey Schaufler <casey(a)schaufler-ca.com&gt; wrote: In my opinion, linking the audit container ID and LSM stacking patchsets would seem like a very big mistake, especially since the consolidation you are describing could be done after the fact without any disruption to the kernel/userspace interface. I would strongly encourage both patchsets to remain self-contained if at all possible so as to not jeopardize each other. -- paul moore www.paul-moore.com