On Tuesday, December 08, 2015 11:10:56 AM Richard Guy Briggs wrote:
On 15/12/08, Gulland, Scott A wrote:
> It took a month to get an Open Switch linux image put together that
> contains the audit framework. I've just started playing with it and
> have noticed that "auditd" exits with an error when running a docker
> container. Open Switch uses a docker container with a linux image
> which has a switch simulator that is used for development. Of
> course the actual released environment is using real switch hardware
> on a non-container based linux image. It appears that the audit
> framework does not work in a docker container. Are there plans to
> add support for containers or is there some magic instructions for
> getting auditd to work in a container?
> I assume that docker containers at least spawn a PID namespace and
> attempt to use CAP_AUDIT_CONTROL, so that would explain why it won't
> work. As outlined in my first reply, there are ideas to support PID
> namespaces, but there is no detailed design yet.
> Again, the definition of a container comes into it as well, but we think
> we have a reasonable understanding of the needs of docker containers and
> have an idea how to get there. User namespaces are further off, but I
> don't believe they are needed for docker at this point.
And further to the point, right now, we don't want events from inside the
container going to the system audit daemon. It potentially has no idea what a
pid, network, uid, gid, or hostname maps to. These have to be resolved inside
the container and then aggregated at the system daemon or datacenter
aggregator.
-Steve
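An added diagnostic, not part of this thread, that checks the two conditions Richard assumes explain the failure: whether the process holds CAP_AUDIT_CONTROL (capability 30; docker's default set keeps CAP_AUDIT_WRITE, 29, but drops it) and whether it sits in a nested PID namespace, as shown by more than one entry in the NSpid field of /proc/self/status (present since kernel 4.1). The sample status text is constructed to resemble a default docker container.

```python
"""Check why auditd cannot run here: missing CAP_AUDIT_CONTROL and/or a
nested PID namespace. Parsing is factored out so it also runs on a
constructed sample without reading /proc."""

CAP_AUDIT_WRITE = 29     # capability numbers from linux/capability.h
CAP_AUDIT_CONTROL = 30


def parse_status(text):
    """Map 'Key' -> value for each 'Key:\tvalue' line of a status file."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def has_cap(fields, capnum, which="CapEff"):
    """True if bit `capnum` is set in the given capability mask (hex)."""
    mask = int(fields[which], 16)
    return bool((mask >> capnum) & 1)


def nested_pid_ns(fields):
    """NSpid lists the pid in every ancestor namespace, outermost first;
    more than one entry means this process is in a child PID namespace."""
    return len(fields.get("NSpid", "").split()) > 1


def diagnose(text):
    f = parse_status(text)
    return {
        "audit_control": has_cap(f, CAP_AUDIT_CONTROL),
        "audit_write": has_cap(f, CAP_AUDIT_WRITE),
        "nested_pid_ns": nested_pid_ns(f),
    }


# Constructed sample: CapEff is docker's default capability set (no
# CAP_AUDIT_CONTROL, CAP_AUDIT_WRITE present); NSpid shows the host pid
# followed by the in-container pid.
SAMPLE = "Name:\tauditd\nPid:\t1\nNSpid:\t4242\t1\nCapEff:\t00000000a80425fb\n"

if __name__ == "__main__":
    with open("/proc/self/status") as fh:
        print(diagnose(fh.read()))
```

On a container with the default capability set this reports audit_control False, audit_write True and nested_pid_ns True, which matches Richard's explanation; on the host it reports the reverse.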