Re: RFC(V3): Audit Kernel Container IDs

2018-02-05 Thread Simo Sorce
On Fri, 2018-02-02 at 18:24 -0500, Paul Moore wrote: > On Fri, Feb 2, 2018 at 5:19 PM, Simo Sorce wrote: > > On Fri, 2018-02-02 at 16:24 -0500, Paul Moore wrote: > > > On Wed, Jan 10, 2018 at 2:00 AM, Richard Guy Briggs > > > wrote: > > > > On 2018-01-09 11:18, Simo Sorce wrote: > > > > > On

Re: RFC(V3): Audit Kernel Container IDs

2018-02-03 Thread Casey Schaufler
On 2/2/2018 3:24 PM, Paul Moore wrote: > On Fri, Feb 2, 2018 at 5:19 PM, Simo Sorce wrote: >> On Fri, 2018-02-02 at 16:24 -0500, Paul Moore wrote: >>> On Wed, Jan 10, 2018 at 2:00 AM, Richard Guy Briggs wrote: On 2018-01-09 11:18, Simo Sorce wrote: > On Tue, 2018-01-09 at 07:16 -0500,

Re: RFC(V3): Audit Kernel Container IDs

2018-02-02 Thread Serge E. Hallyn
On Fri, Feb 02, 2018 at 05:05:22PM -0500, Paul Moore wrote: > On Tue, Jan 9, 2018 at 7:16 AM, Richard Guy Briggs wrote: > > Containers are a userspace concept. The kernel knows nothing of them. > > > > The Linux audit system needs a way to be able to track the container > > provenance of events

Re: RFC(V3): Audit Kernel Container IDs

2018-02-02 Thread Paul Moore
On Fri, Feb 2, 2018 at 5:19 PM, Simo Sorce wrote: > On Fri, 2018-02-02 at 16:24 -0500, Paul Moore wrote: >> On Wed, Jan 10, 2018 at 2:00 AM, Richard Guy Briggs wrote: >> > On 2018-01-09 11:18, Simo Sorce wrote: >> > > On Tue, 2018-01-09 at 07:16 -0500, Richard Guy Briggs wrote: ... >> > Paul,

Re: RFC(V3): Audit Kernel Container IDs

2018-02-02 Thread Simo Sorce
On Fri, 2018-02-02 at 16:24 -0500, Paul Moore wrote: > On Wed, Jan 10, 2018 at 2:00 AM, Richard Guy Briggs wrote: > > On 2018-01-09 11:18, Simo Sorce wrote: > > > On Tue, 2018-01-09 at 07:16 -0500, Richard Guy Briggs wrote: > > > > Containers are a userspace concept. The kernel knows nothing of

Re: RFC(V3): Audit Kernel Container IDs

2018-02-02 Thread Paul Moore
On Tue, Jan 9, 2018 at 7:16 AM, Richard Guy Briggs wrote: > Containers are a userspace concept. The kernel knows nothing of them. > > The Linux audit system needs a way to be able to track the container > provenance of events and actions. Audit needs the kernel's help to do > this. Two small

Re: RFC(V3): Audit Kernel Container IDs

2018-02-02 Thread Paul Moore
On Wed, Jan 10, 2018 at 2:00 AM, Richard Guy Briggs wrote: > On 2018-01-09 11:18, Simo Sorce wrote: >> On Tue, 2018-01-09 at 07:16 -0500, Richard Guy Briggs wrote: >> > Containers are a userspace concept. The kernel knows nothing of them. >> > >> > The Linux audit system needs a way to be able

Re: RFC(V3): Audit Kernel Container IDs

2018-02-02 Thread Paul Moore
On Tue, Jan 9, 2018 at 11:18 AM, Simo Sorce wrote: > On Tue, 2018-01-09 at 07:16 -0500, Richard Guy Briggs wrote: ... >> Changelog: >> >> (Upstream V3) >> - switch back to u64 (from pmoore, can be expanded to u128 in future if >> need arises without breaking API. u32 was originally proposed,

Re: RFC(V3): Audit Kernel Container IDs

2018-01-09 Thread Richard Guy Briggs
On 2018-01-09 11:18, Simo Sorce wrote: > On Tue, 2018-01-09 at 07:16 -0500, Richard Guy Briggs wrote: > > Containers are a userspace concept. The kernel knows nothing of them. > > > > The Linux audit system needs a way to be able to track the container > > provenance of events and actions.

Re: RFC(V3): Audit Kernel Container IDs

2018-01-09 Thread Richard Guy Briggs
On 2018-01-09 19:05, Eric W. Biederman wrote: > Please let's have a description of the problem you are trying to solve. I thought the first sentence of the second paragraph summed it up rather well. Here are the elaborated motivations: - Filter unwanted, irrelevant or unimportant messages

Re: RFC(V3): Audit Kernel Container IDs

2018-01-09 Thread Eric W. Biederman
Please let's have a description of the problem you are trying to solve. A proposed solution without talking about the problem space is useless. Any proposed solution could potentially work. I know to these exist. There is motivation for your work. What is the motivation? What problem are you

Re: RFC(V3): Audit Kernel Container IDs

2018-01-09 Thread Simo Sorce
On Tue, 2018-01-09 at 07:16 -0500, Richard Guy Briggs wrote: > Containers are a userspace concept. The kernel knows nothing of them. > > The Linux audit system needs a way to be able to track the container > provenance of events and actions. Audit needs the kernel's help to do > this. > >