David,
Can you ellaborate on why you think namespaces are an issue? I'm
having a hard time understanding why this would be any more of a
problem then any other intentional subversion of the audit subsystem
by the administrator (where administrator == root). Perhaps there is
a way for a user process to subvert the audit subsystem using
namespace trickory?
If the root user issues a "watch /etc/passwd" it will resolve to the
inode for passwd in the given namespace. Any accesses on that inode,
in that namespace (presumably the only access we care about), by an
audited syscall will be noted and sent to userspace. Isn't that
sufficient?
On Tue, 25 Jan 2005 20:34:04 +0000, David Woodhouse <dwmw2(a)infradead.org> wrote:
On Tue, 2005-01-25 at 12:29 -0600, Timothy R. Chavez wrote:
> To be honest, I haven't really considered the chroot environment. I
> guess the check really needs to be after the lookup and I should
> check:
It's not just chroot. Remember that every task in the system can in
theory have an entirely different namespace, with different file systems
mounted at different places.
--
dwmw2
--
- Timothy R. Chavez