On Tue, Dec 03, 2013 at 11:24:12AM +0100, Ondrej Moris wrote: > Hi, I am wondering if there is a way to get namespaces related to an > audit event? There are obviously no namespace fields and I do not > see them in the message as well. It might be important to audit a > namespace of the process causing the event... or not?
That does sound potentially useful. I've been working on reducing some of the restrictions caused by the introduciton of namespaces on audit, in particular, dealing with net namespaces and pid namespaces. I'm still looking at user namespaces with caution. I've not dealt with mount, uts and ipc namespaces. In particular to your concerns, I'd looked at how to identify namespaces in debug or log output and hadn't yet come up with anything satisfying yet. > Ondrej Moriš, RHCSA, RHCE, RHCSS, RHCVA - RGB -- Richard Guy Briggs <[email protected]> Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat Remote, Ottawa, Canada Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545 -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
