Re: [PATCH V6 05/10] audit: log creation and deletion of namespace instances

On 15/05/14, Steve Grubb wrote: > What they would want to know is what resources were assigned; if two > containers shared a resource, what resource and container was it shared > with; if two containers can communicate, we need to see or control > information flow when necessary; and we need to see termination and > release of resources. So, namespaces are a big part of this. I understand how they are spawned and potentially shared. I have a more vague idea about how cgroups contribute to this concept of a container. So far, I have very little idea how seccomp contributes, but I assume that it will also need to be part of this tracking.