[PATCH] audit: add containerid support for IMA-audit

Mimi Zohar Mon, 05 Mar 2018 05:43:49 -0800

Hi Richard,

This patch has been compiled, but not runtime tested.


---

If the containerid is defined, include it in the IMA-audit record.

Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
---
 security/integrity/ima/ima_api.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
index 33b4458cdbef..41d29a06f28f 100644
--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c
@@ -335,6 +335,9 @@ void ima_audit_measurement(struct integrity_iint_cache 
*iint,
        audit_log_untrustedstring(ab, algo_hash);
 
        audit_log_task_info(ab, current);
+       if (audit_containerid_set(current))
+               audit_log_format(ab, " contid=%llu",
+                                audit_get_containerid(current));
        audit_log_end(ab);
 
        iint->flags |= IMA_AUDITED;
-- 
2.7.5

--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit

[PATCH] audit: add containerid support for IMA-audit

Reply via email to