On Tue, Dec 03, 2013 at 11:24:12AM +0100, Ondrej Moris wrote:
Hi, I am wondering if there is a way to get namespaces related to an
audit event? There are obviously no namespace fields and I do not
see them in the message as well. It might be important to audit a
namespace of the process causing the event... or not?
That does sound potentially useful. I've been working on reducing some
of the restrictions caused by the introduciton of namespaces on audit,
in particular, dealing with net namespaces and pid namespaces. I'm
still looking at user namespaces with caution. I've not dealt with
mount, uts and ipc namespaces.
In particular to your concerns, I'd looked at how to identify namespaces
in debug or log output and hadn't yet come up with anything satisfying
yet.
Ondrej Moriš, RHCSA, RHCE, RHCSS, RHCVA
- RGB
--
Richard Guy Briggs <rbriggs(a)redhat.com>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545