Re: [PATCH][RFC] audit: log namespace inode numbers
Am Freitag, 20. Dezember 2013, 22:32:29 schrieb Richard Guy Briggs:
Hi Richard,
Log the namespace details of a task.
---
Does anyone have comments on this patch?
I'm looking for guidance on which types of messages should have
namespace information included. I've included too many, I suspect.
I also wonder if displaying these inode numbers in hexadecimal makes
more sense than decimal, since they are all based around 0xF0000000.
These are all with reference to the proc filesystem, so a device
number should not be necessary to qualify them.
I have a general question: why do you sprinkle so many callbacks to
audit_log_namespace_info throughout the code? As namespaces apply only to the acting
entities, i.e. the processes, wouldn't it be sufficient to only add it to
audit_log_task_context? So, everywhere where the context is needed in the audit trail, we
log something about the credentials of the process.
Ciao
Stephan