From: Gao feng
Subject: Re: [PATCH] audit: listen in all network namespaces
Date: Wed, 17 Jul 2013 11:54:21 +0800
Message-ID: <51E6156D.3040709@cn.fujitsu.com>
In-Reply-To: <1374006760-7687-1-git-send-email-rgb@redhat.com>
To: Richard Guy Briggs
Cc: linux-audit@redhat.com

Hi, Richard

On 07/17/2013 04:32 AM, Richard Guy Briggs wrote:
> Convert audit from only listening in init_net to use register_pernet_subsys()
> to dynamically manage the netlink socket list.
>
> Signed-off-by: Richard Guy Briggs
> ---

Right now audit still can't be used in an uninit pid/user namespace. Consider this: when a user in an uninit pid/user namespace is allowed to set up/run the audit subsystem, since the kernel thread always runs in the init pid namespace, we can't get the right net namespace through get_net_ns_by_pid. The audit information will be sent to the incorrect net namespace by the kernel thread.

In my opinion, this patch is limited and nonextensible. Maybe you should check the patchset "[Part1 PATCH 00/22] Add namespace support for audit" I sent on 06/19/2013. In my solution, the audit kernel-side netlink sockets belong to the user namespace, and the user space audit netlink sockets will find the audit kernel socket through current_net_ns()->user_ns->audit.sock.

The "[PATCH 04/22] netlink: Add compare function for netlink_table" of this patchset has been merged in linux mainline.

I think if you look at my patchset, you will find that [PATCH 03/22] and [PATCH 05/22] achieve the same aim as your patch.

Thanks!