Hi Richard, This patch has been compiled, but not runtime tested.
--- If the containerid is defined, include it in the IMA-audit record. Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com> --- security/integrity/ima/ima_api.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index 33b4458cdbef..41d29a06f28f 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -335,6 +335,9 @@ void ima_audit_measurement(struct integrity_iint_cache *iint, audit_log_untrustedstring(ab, algo_hash); audit_log_task_info(ab, current); + if (audit_containerid_set(current)) + audit_log_format(ab, " contid=%llu", + audit_get_containerid(current)); audit_log_end(ab); iint->flags |= IMA_AUDITED; -- 2.7.5 -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit