From: Mimi Zohar <zohar-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
To: Richard Guy Briggs <rgb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
Cc: mszeredi-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
trondmy-7I+n7zu2hftEKMMhf/gKZA@public.gmane.org,
luto-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org,
jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
carlos-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org,
LKML <linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
eparis-FjpueFixGhCM4zKIHC2jIg@public.gmane.org,
dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
Linux-Audit Mailing List
<linux-audit-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org,
simo-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public.gmane.org
Subject: Re: [RFC PATCH V1 00/12] audit: implement container id
Date: Mon, 05 Mar 2018 08:27:39 -0500 [thread overview]
Message-ID: <1520256459.10396.283.camel@linux.vnet.ibm.com> (raw)
In-Reply-To: <20180305033128.6sqreoo5olqwq5og-bcJWsdo4jJjeVoXN4CMphl7TgLCtbB0G@public.gmane.org>
On Sun, 2018-03-04 at 22:31 -0500, Richard Guy Briggs wrote:
> On 2018-03-04 16:55, Mimi Zohar wrote:
> > On Thu, 2018-03-01 at 14:41 -0500, Richard Guy Briggs wrote:
> > > Implement audit kernel container ID.
> > >
> > > This patchset is a preliminary RFC based on the proposal document (V3)
> > > posted:
> > > https://www.redhat.com/archives/linux-audit/2018-January/msg00014.html
> > >
> > > The first patch implements the proc fs write to set the audit container
> > > ID of a process, emitting an AUDIT_CONTAINER record.
> > >
> > > The second implements an auxiliary syscall record AUDIT_CONTAINER_INFO
> > > if a container ID is present on a task.
> > >
> > > The third adds filtering to the exit, exclude and user lists.
> > >
> > > The 4th, implements reading the container ID from the proc filesystem
> > > for debugging. This isn't planned for upstream inclusion.
> > >
> > > The 5th adds signal and ptrace support.
> > >
> > > The 6th attempts to create a local audit context to be able to bind a
> > > standalone record with the container ID record.
> > >
> > > The 7th, 8th, 9th, 10th patches add container ID records to standalone
> > > records. Some of these may end up being syscall auxiliary records and
> > > won't need this specific support since they'll be supported via
> > > syscalls.
> > >
> > > The 11th is a temporary workaround due to the AUDIT_CONTAINER records
> > > not showing up as do AUDIT_LOGIN records. I suspect this is due to its
> > > range (1000 vs 1300), but the intent is to solve it.
> > >
> > > The 12th adds debug information not intended for upstream for those
> > > brave souls wanting to tinker with it in this early state.
> > >
> > > Feedback please!
> >
> > Which tree can this patch set be applied to?
>
> git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git next
Thanks, that worked. In case anyone else is trying to apply these
patches to a 4.16.0-rc based kernel, commit 4e7e3adbba52 ("Expand
various INIT_* macros and remove") moved .sessionid
to init/init_task.c.
Mimi
_______________________________________________
Containers mailing list
Containers@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/containers
WARNING: multiple messages have this Message-ID (diff)
From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: Richard Guy Briggs <rgb@redhat.com>
Cc: cgroups@vger.kernel.org, containers@lists.linux-foundation.org,
linux-api@vger.kernel.org,
Linux-Audit Mailing List <linux-audit@redhat.com>,
linux-fsdevel@vger.kernel.org,
LKML <linux-kernel@vger.kernel.org>,
netdev@vger.kernel.org, mszeredi@redhat.com,
ebiederm@xmission.com, simo@redhat.com, jlayton@redhat.com,
carlos@redhat.com, dhowells@redhat.com, viro@zeniv.linux.org.uk,
luto@kernel.org, eparis@parisplace.org, trondmy@primarydata.com,
serge@hallyn.com
Subject: Re: [RFC PATCH V1 00/12] audit: implement container id
Date: Mon, 05 Mar 2018 08:27:39 -0500 [thread overview]
Message-ID: <1520256459.10396.283.camel@linux.vnet.ibm.com> (raw)
In-Reply-To: <20180305033128.6sqreoo5olqwq5og@madcap2.tricolour.ca>
On Sun, 2018-03-04 at 22:31 -0500, Richard Guy Briggs wrote:
> On 2018-03-04 16:55, Mimi Zohar wrote:
> > On Thu, 2018-03-01 at 14:41 -0500, Richard Guy Briggs wrote:
> > > Implement audit kernel container ID.
> > >
> > > This patchset is a preliminary RFC based on the proposal document (V3)
> > > posted:
> > > https://www.redhat.com/archives/linux-audit/2018-January/msg00014.html
> > >
> > > The first patch implements the proc fs write to set the audit container
> > > ID of a process, emitting an AUDIT_CONTAINER record.
> > >
> > > The second implements an auxiliary syscall record AUDIT_CONTAINER_INFO
> > > if a container ID is present on a task.
> > >
> > > The third adds filtering to the exit, exclude and user lists.
> > >
> > > The 4th, implements reading the container ID from the proc filesystem
> > > for debugging. This isn't planned for upstream inclusion.
> > >
> > > The 5th adds signal and ptrace support.
> > >
> > > The 6th attempts to create a local audit context to be able to bind a
> > > standalone record with the container ID record.
> > >
> > > The 7th, 8th, 9th, 10th patches add container ID records to standalone
> > > records. Some of these may end up being syscall auxiliary records and
> > > won't need this specific support since they'll be supported via
> > > syscalls.
> > >
> > > The 11th is a temporary workaround due to the AUDIT_CONTAINER records
> > > not showing up as do AUDIT_LOGIN records. I suspect this is due to its
> > > range (1000 vs 1300), but the intent is to solve it.
> > >
> > > The 12th adds debug information not intended for upstream for those
> > > brave souls wanting to tinker with it in this early state.
> > >
> > > Feedback please!
> >
> > Which tree can this patch set be applied to?
>
> git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git next
Thanks, that worked. In case anyone else is trying to apply these
patches to a 4.16.0-rc based kernel, commit 4e7e3adbba52 ("Expand
various INIT_* macros and remove") moved .sessionid
to init/init_task.c.
Mimi
next prev parent reply other threads:[~2018-03-05 13:27 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-01 19:41 [RFC PATCH V1 00/12] audit: implement container id Richard Guy Briggs
2018-03-01 19:41 ` Richard Guy Briggs
2018-03-01 19:41 ` [RFC PATCH V1 05/12] audit: add containerid support for ptrace and signals Richard Guy Briggs
2018-03-01 19:41 ` [RFC PATCH V1 06/12] audit: add support for non-syscall auxiliary records Richard Guy Briggs
2018-03-01 19:41 ` [RFC PATCH V1 07/12] audit: add container aux record to watch/tree/mark Richard Guy Briggs
2018-03-01 19:41 ` [RFC PATCH V1 08/12] audit: add containerid support for tty_audit Richard Guy Briggs
2018-03-01 19:41 ` [RFC PATCH V1 10/12] audit: add containerid support for seccomp and anom_abend records Richard Guy Briggs
2018-03-01 19:41 ` [RFC PATCH V1 11/12] debug audit: add container id Richard Guy Briggs
2018-03-01 19:41 ` [RFC PATCH V1 12/12] debug! " Richard Guy Briggs
2018-03-06 15:04 ` [RFC PATCH V1 00/12] audit: implement " Serge E. Hallyn
[not found] ` <cover.1519930146.git.rgb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2018-03-01 19:41 ` [RFC PATCH V1 01/12] audit: add " Richard Guy Briggs
2018-03-01 19:41 ` Richard Guy Briggs
[not found] ` <2e5d93ee46feca915a101c2fc3062da674a98223.1519930146.git.rgb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2018-03-02 1:41 ` Richard Guy Briggs
2018-03-02 1:41 ` Richard Guy Briggs
[not found] ` <20180302014101.jtfd2eeyxmvxcjpf-bcJWsdo4jJjeVoXN4CMphl7TgLCtbB0G@public.gmane.org>
2018-03-02 15:48 ` Paul Moore
2018-03-02 15:48 ` Paul Moore
[not found] ` <CAHC9VhQi2QC8_e1fgYr=bfTACdtpgXZubc6S18r+1+9qf6TJ8w-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-03-02 18:23 ` Matthew Wilcox
2018-03-02 18:23 ` Matthew Wilcox
[not found] ` <20180302182321.GE31400-PfSpb0PWhxZc2C7mugBRk2EX/6BAtgUQ@public.gmane.org>
2018-03-02 19:25 ` Paul Moore
2018-03-02 19:25 ` Paul Moore
[not found] ` <CAHC9VhSapR0jXyhonKjLVpBfPX-P4KCR7OJTasyiTQuDFYZ1Rw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-03-02 19:41 ` Paul Moore
2018-03-02 19:41 ` Paul Moore
2018-03-03 9:19 ` Serge E. Hallyn
2018-03-15 20:27 ` Stefan Berger
2018-03-15 20:27 ` Stefan Berger
2018-03-16 3:58 ` Richard Guy Briggs
2018-04-18 18:45 ` Stefan Berger
2018-04-18 19:23 ` Richard Guy Briggs
2018-04-18 19:39 ` Stefan Berger
2018-04-18 19:51 ` Richard Guy Briggs
[not found] ` <c1ec93a2-b398-373c-55da-b2be8e60c6b6-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2018-04-18 19:51 ` Richard Guy Briggs
[not found] ` <20180418192359.n4q53bvsdhrjftjg-bcJWsdo4jJjeVoXN4CMphl7TgLCtbB0G@public.gmane.org>
2018-04-18 19:39 ` Stefan Berger
[not found] ` <f966fa52-da4b-3d74-0848-1f0b08e57fd9-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2018-04-18 19:23 ` Richard Guy Briggs
[not found] ` <20180316035837.ddnqvbyrbp3fdk7e-bcJWsdo4jJjeVoXN4CMphl7TgLCtbB0G@public.gmane.org>
2018-04-18 18:45 ` Stefan Berger
[not found] ` <216d1ab1-531b-9185-2e31-34f162f08aad-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2018-03-16 3:58 ` Richard Guy Briggs
2018-03-03 9:19 ` Serge E. Hallyn
[not found] ` <20180303091913.GA13118-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2018-03-04 15:01 ` Paul Moore
2018-03-04 15:01 ` Paul Moore
2018-03-04 15:01 ` Paul Moore
[not found] ` <CAHC9VhQA23w39aaho1wkPawX7zxiGyTVQroZzpACKk8DK8-F8w-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-03-05 8:16 ` Richard Guy Briggs
2018-03-05 8:16 ` Richard Guy Briggs
2018-03-01 19:41 ` [RFC PATCH V1 02/12] audit: log container info of syscalls Richard Guy Briggs
2018-03-01 19:41 ` Richard Guy Briggs
2018-03-01 19:41 ` [RFC PATCH V1 03/12] audit: add containerid filtering Richard Guy Briggs
2018-03-01 19:41 ` Richard Guy Briggs
2018-03-01 19:41 ` [RFC PATCH V1 04/12] audit: read container ID of a process Richard Guy Briggs
2018-03-01 19:41 ` Richard Guy Briggs
2018-03-01 19:41 ` [RFC PATCH V1 05/12] audit: add containerid support for ptrace and signals Richard Guy Briggs
2018-03-01 19:41 ` [RFC PATCH V1 06/12] audit: add support for non-syscall auxiliary records Richard Guy Briggs
2018-03-01 19:41 ` [RFC PATCH V1 07/12] audit: add container aux record to watch/tree/mark Richard Guy Briggs
2018-03-01 19:41 ` [RFC PATCH V1 08/12] audit: add containerid support for tty_audit Richard Guy Briggs
2018-03-01 19:41 ` [RFC PATCH V1 09/12] audit: add containerid support for config/feature/user records Richard Guy Briggs
2018-03-01 19:41 ` Richard Guy Briggs
2018-03-01 19:41 ` [RFC PATCH V1 10/12] audit: add containerid support for seccomp and anom_abend records Richard Guy Briggs
2018-03-01 19:41 ` [RFC PATCH V1 11/12] debug audit: add container id Richard Guy Briggs
2018-03-01 19:41 ` [RFC PATCH V1 12/12] debug! " Richard Guy Briggs
2018-03-04 21:55 ` [RFC PATCH V1 00/12] audit: implement " Mimi Zohar
2018-03-04 21:55 ` Mimi Zohar
[not found] ` <1520200557.10396.257.camel-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2018-03-05 3:31 ` Richard Guy Briggs
2018-03-05 3:31 ` Richard Guy Briggs
[not found] ` <20180305033128.6sqreoo5olqwq5og-bcJWsdo4jJjeVoXN4CMphl7TgLCtbB0G@public.gmane.org>
2018-03-05 13:27 ` Mimi Zohar [this message]
2018-03-05 13:27 ` Mimi Zohar
2018-03-06 15:04 ` Serge E. Hallyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1520256459.10396.283.camel@linux.vnet.ibm.com \
--to=zohar-23vcf4htsmix0ybbhkvfkdbpr1lh4cv8@public.gmane.org \
--cc=carlos-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
--cc=dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org \
--cc=eparis-FjpueFixGhCM4zKIHC2jIg@public.gmane.org \
--cc=jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-audit-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=luto-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org \
--cc=mszeredi-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=rgb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=simo-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=trondmy-7I+n7zu2hftEKMMhf/gKZA@public.gmane.org \
--cc=viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.