From mboxrd@z Thu Jan  1 00:00:00 1970
From: Stephan Mueller <stephan.mueller@atsec.com>
Subject: Re: [PATCH][RFC] audit: log namespace inode numbers
Date: Tue, 07 Jan 2014 07:07:58 +0100
Message-ID: <12215179.NadLEXGm6c@tauon>
References: <958ab728049c1adb674eeda3cbb2fc3e0774ab98.1387596015.git.rgb@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
Received: from mx1.redhat.com (ext-mx16.extmail.prod.ext.phx2.redhat.com
	[10.5.110.21])
	by int-mx12.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP
	id s07683L0010540
	for <linux-audit@redhat.com>; Tue, 7 Jan 2014 01:08:04 -0500
Received: from mail.atsec.com (mail.atsec.com [195.30.99.214])
	by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id s0767ua3006608
	for <linux-audit@redhat.com>; Tue, 7 Jan 2014 01:07:57 -0500
Received: from mail.atsec.com (localhost [127.0.0.1])
	by mail.atsec.com (Postfix) with ESMTP id 0F96978078
	for <linux-audit@redhat.com>; Tue,  7 Jan 2014 07:07:56 +0100 (CET)
In-Reply-To: <958ab728049c1adb674eeda3cbb2fc3e0774ab98.1387596015.git.rgb@redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: Richard Guy Briggs <rgb@redhat.com>
Cc: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

Am Freitag, 20. Dezember 2013, 22:32:29 schrieb Richard Guy Briggs:

Hi Richard,

>Log the namespace details of a task.
>---
>
>Does anyone have comments on this patch?
>
>I'm looking for guidance on which types of messages should have
>namespace information included.  I've included too many, I suspect.
>
>I also wonder if displaying these inode numbers in hexadecimal makes
>more sense than decimal, since they are all based around 0xF0000000. 
>These are all with reference to the proc filesystem, so a device
>number should not be necessary to qualify them.

I have a general question: why do you sprinkle so many callbacks to audit_log_namespace_info throughout the code? As namespaces apply only to the acting entities, i.e. the processes, wouldn't it be sufficient to only add it to audit_log_task_context? So, everywhere where the context is needed in the audit trail, we log something about the credentials of the process.

Ciao
Stephan