Re: [RFC PATCH V1 00/12] audit: implement container id

From: Mimi Zohar <zohar-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
To: Richard Guy Briggs <rgb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
Cc: mszeredi-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
	trondmy-7I+n7zu2hftEKMMhf/gKZA@public.gmane.org,
	luto-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org,
	jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
	carlos-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
	linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org,
	LKML <linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
	eparis-FjpueFixGhCM4zKIHC2jIg@public.gmane.org,
	dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
	Linux-Audit Mailing List
	<linux-audit-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
	ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org,
	simo-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
	netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public.gmane.org
Subject: Re: [RFC PATCH V1 00/12] audit: implement container id
Date: Mon, 05 Mar 2018 08:27:39 -0500	[thread overview]
Message-ID: <1520256459.10396.283.camel@linux.vnet.ibm.com> (raw)
In-Reply-To: <20180305033128.6sqreoo5olqwq5og-bcJWsdo4jJjeVoXN4CMphl7TgLCtbB0G@public.gmane.org>

On Sun, 2018-03-04 at 22:31 -0500, Richard Guy Briggs wrote:
> On 2018-03-04 16:55, Mimi Zohar wrote:
> > On Thu, 2018-03-01 at 14:41 -0500, Richard Guy Briggs wrote:
> > > Implement audit kernel container ID.
> > > 
> > > This patchset is a preliminary RFC based on the proposal document (V3)
> > > posted:
> > > 	https://www.redhat.com/archives/linux-audit/2018-January/msg00014.html
> > > 
> > > The first patch implements the proc fs write to set the audit container
> > > ID of a process, emitting an AUDIT_CONTAINER record.
> > > 
> > > The second implements an auxiliary syscall record AUDIT_CONTAINER_INFO
> > > if a container ID is present on a task.
> > > 
> > > The third adds filtering to the exit, exclude and user lists.
> > > 
> > > The 4th, implements reading the container ID from the proc filesystem
> > > for debugging.  This isn't planned for upstream inclusion.
> > > 
> > > The 5th adds signal and ptrace support.
> > > 
> > > The 6th attempts to create a local audit context to be able to bind a
> > > standalone record with the container ID record.
> > > 
> > > The 7th, 8th, 9th, 10th patches add container ID records to standalone
> > > records.  Some of these may end up being syscall auxiliary records and
> > > won't need this specific support since they'll be supported via
> > > syscalls.
> > > 
> > > The 11th is a temporary workaround due to the AUDIT_CONTAINER records
> > > not showing up as do AUDIT_LOGIN records.  I suspect this is due to its
> > > range (1000 vs 1300), but the intent is to solve it.
> > > 
> > > The 12th adds debug information not intended for upstream for those
> > > brave souls wanting to tinker with it in this early state.
> > > 
> > > Feedback please!
> > 
> > Which tree can this patch set be applied to?
> 
> git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git next

Thanks, that worked.  In case anyone else is trying to apply these
patches to a 4.16.0-rc based kernel, commit 4e7e3adbba52 ("Expand
various INIT_* macros and remove") moved .sessionid
to init/init_task.c.

Mimi

_______________________________________________
Containers mailing list
Containers@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/containers