Daniel J Walsh <dwalsh(a)redhat.com> writes:
Will I be able to use the audit namespace without the user namespace.
I would
prefer to be able to use the audit namespace long before I am willing to take
a chance with the User Namespace for things like light weight virtualization
and securing processes with MAC.
I will be very surprised if we settle on a design that allows it.
I still think even the existence of multiple audit contexts is a little
iffy but the desire seems strong enough Gao feng will probably work
through all of the issues.
Without restricting processes to a user namespace at the same time as
restricting them to an audit context it becomes very easy to violate the
important audit policies and to bury user space generated messages from
privileged userspace applications. At least in a user namespace we know
you are not privileged with respect to the rest of the system, so we
would only be dealing with userspace messages you would not be able to
generate otherwise.
As for taking a chance. You will probably safer with a simultaneous use
of user namespaces and having processes secured with a MAC. To the best
of my knowledge previous solutions have only been really safe when you
trusted the processes inside not to be malicious. A user namespace at
least means you can stop using uid 0 inside of your light weight
virtualization.
Eric