Re: [PATCH] audit: add nspid and nsppid in audit_log_task_info
On Wednesday, December 03, 2014 10:14:32 PM Richard Guy Briggs wrote:
On 14/12/03, Paul Moore wrote:
> On Sunday, November 23, 2014 09:58:48 AM Eric Paris wrote:
> > [forwarding to 2 people looking at audit now, do you mind resending to
> > linux-audit(a)redhat.com and inluding them both?]
>
> I'm also adding the linux-audit list to the CC line.
>
> I know Richard has been working on namespaces/audit, I'd like to hear his
> comments on this patch.
At first when I saw this, I wondered if it was even necessary, thinking
that information should either be irrelevant, or available elsewhere.
Given that it could be several nested pid namespaces, it may even be
incomplete.
Okay, thanks for the input. It doesn't look like this is something we want to
merge at this point.
The most obvious one is that of vanishing fields in audit log
messages
which concerns Steve Grubb. If we fixed the ordering issue, vanishing
fields should no longer be a concern.
Yes, this is just one more reason why we need to rework the audit record
format. I've got more ideas on this since we last talked on-list, but I've
had to shelve things a bit to deal with the audit bugs.
However, make no mistake, the audit record format will be changing, this fixed
string format is garbage.
--
paul moore
security and virtualization @ redhat