From: Serge Hallyn
Subject: Re: [PATCH RFC] audit: provide namespace information in user originated records
Date: Wed, 20 Mar 2013 10:12:55 -0500
Message-ID: <20130320151255.GA3764@sergelap>
References: <1363619405-6419-1-git-send-email-arozansk@redhat.com> <877gl48iaz.fsf@xmission.com> <20130319122408.GC20187@redhat.com> <874ng7gcst.fsf@xmission.com>
In-Reply-To: <874ng7gcst.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
To: "Eric W. Biederman"
Cc: Linux Containers, linux-audit-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org, Eric Paris
List-Id: linux-audit@redhat.com

Quoting Eric W. Biederman (ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org):
> Aristeu Rozanski writes:
> The reasons were simply that to my knowledge no one has thought through
> how audit records and namespaces make sense to interact.

It seems clear to me (perhaps wrongly :) that:

1. auditd is a host service only.
2. in cases where the namespace is hierarchical and resources have identifiers in the init namespace (i.e. pid and user ns), audit should simply, always, report the id in the init ns
3. in cases where namespaces are not hierarchical (ipc, netns) the (ns_id, resource_id) need to be dumped. The ns_id should be the inode # for the /proc/$$/ns/$namespace, since that is what is used for setns.

Syslog I want eventually to be namespaced. Audit, not. Audit is (ISTM) about LSPP and such - things which we can't talk about in containers anyway.

-serge