Hello List, It seems that auditd cannot be started in guest:
# augenrules --load The audit system is disabled The host system seems to miss the audit events from the guest, so no host audit either. Is there a way to audit guest syscalls, e.g. execve? There is no need to have the guest doing that, it could be also on host for guest. In fact I would even appreciate later solution where the host audits the guest without any means by the guest to escape the audit. Could some namespace trickery make it work? Kind Regards, Roman DI Roman Fiedler Scientist Digital Safety & Security Department Assistive Healthcare Information Technology AIT Austrian Institute of Technology GmbH Reininghausstraße 13/1 | 8020 Graz | Austria T +43(0) 50550 2957 | M +43(0) 664 8561599 | F +43(0) 50550 2950 [email protected] | http://www.ait.ac.at/ FN: 115980 i HG Wien | UID: ATU14703506 http://www.ait.ac.at/Email-Disclaimer
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ lxc-users mailing list [email protected] http://lists.linuxcontainers.org/listinfo/lxc-users
