On 2018-03-05 08:43, Mimi Zohar wrote: > Hi Richard, > > This patch has been compiled, but not runtime tested.
Ok, great, thank you. I assume you are offering this patch to be included in this patchset? I'll have a look to see where it fits in the IMA record. It might be better if it were an AUDIT_CONTAINER_INFO auxiliary record, but I'll have a look at the circumstances of the event. Can you suggest a procedure to test it? > --- > > If the containerid is defined, include it in the IMA-audit record. > > Signed-off-by: Mimi Zohar <[email protected]> > --- > security/integrity/ima/ima_api.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/security/integrity/ima/ima_api.c > b/security/integrity/ima/ima_api.c > index 33b4458cdbef..41d29a06f28f 100644 > --- a/security/integrity/ima/ima_api.c > +++ b/security/integrity/ima/ima_api.c > @@ -335,6 +335,9 @@ void ima_audit_measurement(struct integrity_iint_cache > *iint, > audit_log_untrustedstring(ab, algo_hash); > > audit_log_task_info(ab, current); > + if (audit_containerid_set(current)) > + audit_log_format(ab, " contid=%llu", > + audit_get_containerid(current)); > audit_log_end(ab); > > iint->flags |= IMA_AUDITED; > -- > 2.7.5 > - RGB -- Richard Guy Briggs <[email protected]> Sr. S/W Engineer, Kernel Security, Base Operating Systems Remote, Ottawa, Red Hat Canada IRC: rgb, SunRaycer Voice: +1.647.777.2635, Internal: (81) 32635
