On Mon, Jul 13, 2020 at 9:08 PM Richard Guy Briggs <[email protected]> wrote:
> On 2020-07-13 20:11, Paul Moore wrote:
> > On Mon, Jul 13, 2020 at 7:09 PM Casey Schaufler <[email protected]> wrote:
> > > ... but it does appear that I could switch to using your
> > > audit_alloc_local().
> >
> > In my opinion, linking the audit container ID and LSM stacking
> > patchsets would seem like a very big mistake, especially since the
> > consolidation you are describing could be done after the fact without
> > any disruption to the kernel/userspace interface. I would strongly
> > encourage both patchsets to remain self-contained if at all possible
> > so as to not jeopardize each other.
>
> I see no need to link them. The audit_alloc_local() patch could stand
> on its own to be used by either patchset and doesn't need to be included
> in the contid patchset. There is no mention of contid in it. Patches 8
> and 11 depend on it so as long as it is already upstream that's fine.

Let me be clear, please don't do this. I really dislike that we need
audit_alloc_local(), but we do because computers are awful things and
audit is perhaps even more awful. Someday I'll make my peace with
audit_alloc_local(), and/or it will become something more useful through
consolidation, but now is not the time to push on this issue considering
where the audit container ID patchset is at.

--
paul moore
www.paul-moore.com

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
