On Sunday, July 22, 2018 4:55:10 PM EDT Richard Guy Briggs wrote:
> On 2018-07-22 09:32, Steve Grubb wrote:
> > On Saturday, July 21, 2018 4:29:30 PM EDT Richard Guy Briggs wrote:
> > > > > + * audit_log_contid - report container info
> > > > > + * @tsk: tas
On Wednesday, June 6, 2018 12:58:29 PM EDT Richard Guy Briggs wrote:
> Create a new audit record AUDIT_CONTAINER to document the audit
> container identifier of a process if it is present.
>
> Called from audit_log_exit(), syscalls are covered.
>
> A sample raw event:
> type=SYSCALL
On Thursday, May 17, 2018 5:41:02 PM EDT Richard Guy Briggs wrote:
> On 2018-05-17 17:09, Steve Grubb wrote:
> > On Fri, 16 Mar 2018 05:00:30 -0400
> >
> > Richard Guy Briggs <r...@redhat.com> wrote:
> > > Create a new audit record AUDIT_CONTAINER_INF
On Friday, March 16, 2018 5:00:40 AM EDT Richard Guy Briggs wrote:
> Add support for reading the container ID from the proc filesystem.
I think this could be useful in general. Please consider this to be part of
the full patch set and not something merely used to debug the patches.
-Steve
>
On Fri, 18 May 2018 11:21:06 -0400
Richard Guy Briggs <r...@redhat.com> wrote:
> On 2018-05-18 09:56, Steve Grubb wrote:
> > On Thu, 17 May 2018 17:56:00 -0400
> > Richard Guy Briggs <r...@redhat.com> wrote:
> >
> > > > During syscall ev
On Thu, 17 May 2018 17:56:00 -0400
Richard Guy Briggs wrote:
> > During syscall events, the path info is returned in a record
> > simply called AUDIT_PATH, cwd info is returned in AUDIT_CWD. So,
> > rather than calling the record that gets attached to everything
> >
On Fri, 16 Mar 2018 05:00:30 -0400
Richard Guy Briggs wrote:
> Create a new audit record AUDIT_CONTAINER_INFO to document the
> container ID of a process if it is present.
As mentioned in a previous email, I think AUDIT_CONTAINER is more
suitable for the container record. One
On Fri, 16 Mar 2018 05:00:28 -0400
Richard Guy Briggs wrote:
> Implement the proc fs write to set the audit container ID of a
> process, emitting an AUDIT_CONTAINER record to document the event.
>
> This is a write from the container orchestrator task to a proc entry
> of the
On Monday, December 11, 2017 11:30:57 AM EST Eric Paris wrote:
> > Because a container doesn't have to use namespaces to be a container
> > you still need a mechanism for a process to declare that it is in
> > fact
> > in a container, and to identify the container.
>
> I like the idea but I'm
On Thursday, October 19, 2017 7:11:33 PM EDT Aleksa Sarai wrote:
> >>> The registration is a pseudo filesystem (proc, since PID tree already
> >>> exists) write of a u8[16] UUID representing the container ID to a file
> >>> representing a process that will become the first process in a new
> >>>
On Tuesday, October 17, 2017 1:57:43 PM EDT James Bottomley wrote:
> > > > The idea is that processes spawned into a container would be
> > > > labelled by the container orchestration system. It's unclear
> > > > what should happen to processes using nsenter after the fact, but
> > > > policy for
On Tuesday, October 17, 2017 12:43:18 PM EDT Casey Schaufler wrote:
> > The idea is that processes spawned into a container would be labelled
> > by the container orchestration system. It's unclear what should happen
> > to processes using nsenter after the fact, but policy for that should
> > be
On Monday, October 16, 2017 8:33:40 PM EDT Richard Guy Briggs wrote:
> On 2017-10-12 16:33, Casey Schaufler wrote:
> > On 10/12/2017 7:14 AM, Richard Guy Briggs wrote:
> > > Containers are a userspace concept. The kernel knows nothing of them.
> > >
> > > The Linux audit system needs a way to be
On Thursday, October 12, 2017 10:14:00 AM EDT Richard Guy Briggs wrote:
> Containers are a userspace concept. The kernel knows nothing of them.
>
> The Linux audit system needs a way to be able to track the container
> provenance of events and actions. Audit needs the kernel's help to do
>
On Wednesday 12 December 2007 14:05:42 Paul Moore wrote:
This patch corrects this inconsistency by writing the SPI values to the
audit record in host byte order.
Looks OK to me, too.
-Steve
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL
On Tuesday 24 July 2007 12:33:26 pm Joy Latten wrote:
It also wouldn't hurt to change the text being sent to this function to
have a hyphen instead of a space, so SPD delete becomes SPD-delete.
This keeps the parser happy.
Steve, more for my education, should all entries have this sort of
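The two points above (the May 2018 exchange about SYSCALL, CWD and PATH records that share one event, and the request here that `SPD delete` become `SPD-delete` so the parser stays happy) are easiest to see with a small record parser. The following is an added example, not code from the page, from the audit userspace tools or from any of the patches discussed; the sample records are constructed, the `op=` field layout for the IPsec record is illustrative only, and the grouping key (the serial number inside `msg=audit(ts:serial)`) is the one real audit records carry.

```python
import re
from collections import OrderedDict

# Constructed sample records (not taken from the page). The first two show
# the same IPsec SPD event written with a space and with a hyphen; the last
# three are the SYSCALL/CWD/PATH companions of one syscall event, tied
# together by the serial number 303. Field layout after "op=" is assumed.
SAMPLE_LOG = """\
type=MAC_IPSEC_EVENT msg=audit(1185290000.123:201): op=SPD delete auid=500 res=1
type=MAC_IPSEC_EVENT msg=audit(1185290000.124:202): op=SPD-delete auid=500 res=1
type=SYSCALL msg=audit(1526590000.500:303): arch=c000003e syscall=2 success=yes exit=3 comm="cat" exe="/usr/bin/cat"
type=CWD msg=audit(1526590000.500:303): cwd="/root"
type=PATH msg=audit(1526590000.500:303): item=0 name="secret.txt" inode=1234 mode=0100600
"""

# type=<name> msg=audit(<timestamp>:<serial>): <space separated key=value fields>
HDR_RE = re.compile(r'^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): ?(.*)$')
# Either a key=value pair (value may be double quoted) or a bare token that
# no key=value parser can attribute to anything.
TOKEN_RE = re.compile(r'(\w+)=("[^"]*"|\S+)|(\S+)')


def parse_record(line):
    """Split one audit record into its header and key=value fields.

    Tokens that are not key=value pairs are collected in "stray": that is
    exactly what happens to "delete" in op=SPD delete, whereas op=SPD-delete
    is consumed whole.
    """
    m = HDR_RE.match(line.strip())
    if not m:
        raise ValueError("not an audit record: %r" % line)
    rtype, ts, serial, body = m.groups()
    fields, stray = {}, []
    for key, val, junk in TOKEN_RE.findall(body):
        if junk:
            stray.append(junk)
        else:
            fields[key] = val.strip('"')
    return {"type": rtype, "ts": ts, "serial": int(serial),
            "fields": fields, "stray": stray}


def has_unparsed_tokens(line):
    """True when a record leaks tokens a key=value parser cannot place."""
    return bool(parse_record(line)["stray"])


def group_events(text):
    """Group records sharing a serial number into one event (the way a
    SYSCALL record and its CWD and PATH records belong together)."""
    events = OrderedDict()
    for line in text.splitlines():
        if line.strip():
            rec = parse_record(line)
            events.setdefault(rec["serial"], []).append(rec)
    return events


def event_summary(records):
    """Flatten one event into what an analyst wants from it: which binary,
    from which working directory, touched which path names."""
    summary = {"exe": None, "cwd": None, "paths": []}
    for rec in records:
        f = rec["fields"]
        if rec["type"] == "SYSCALL":
            summary["exe"] = f.get("exe")
        elif rec["type"] == "CWD":
            summary["cwd"] = f.get("cwd")
        elif rec["type"] == "PATH":
            summary["paths"].append(f.get("name"))
    return summary


if __name__ == "__main__":
    for serial, recs in group_events(SAMPLE_LOG).items():
        for r in recs:
            flag = " <- unparsed tokens %r" % r["stray"] if r["stray"] else ""
            print(serial, r["type"], r["fields"], flag)
        if any(r["type"] == "SYSCALL" for r in recs):
            print(serial, "summary:", event_summary(recs))
```

Running it shows record 201 parsed as `op=SPD` with a dangling `delete`, record 202 parsed cleanly, and the three records of serial 303 collapsed into one view with exe, cwd and the path list. Any value that must contain whitespace belongs in a quoted (or hex-encoded) field; a bare space inside a value silently truncates it for every downstream consumer.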
On Monday 23 July 2007 13:49:17 Joy Latten wrote:
Will this cause existing applications to break?
Perhaps someone in audit list could help answer this.
Probably. It's better to take a new number and let the old ones sit idle.
-Steve
On Monday 27 November 2006 14:11, Joy Latten wrote:
Please let me know if this is acceptable.
From an audit perspective, it looks good.
-Steve
On Monday 27 November 2006 17:26, Joy Latten wrote:
This patch adds auditing to ipsec in support of labeled ipsec.
The audit changes in this patch look good to me.
-Steve Grubb
On Thursday 28 September 2006 14:03, [EMAIL PROTECTED] wrote:
This patch adds audit support to NetLabel, including six new audit message
types shown below.
#define AUDIT_MAC_UNLBL_ACCEPT 1406
#define AUDIT_MAC_UNLBL_DENY 1407
#define AUDIT_MAC_CIPSOV4_ADD 1408
#define
On Friday 29 September 2006 18:39, [EMAIL PROTECTED] wrote:
This should make NetLabel more consistent with other kernel
generated audit messages specifying configuration changes.
OK, this looks better. We may fine tune the messages later after we try it
out, but all the issues I saw are fixed.
On Thursday 22 June 2006 05:00, David Miller wrote:
#define NETLINK_GENERIC 16
+#define NETLINK_NETLABEL 17 /* Network packet labeling */
#define MAX_LINKS 32
Please use generic netlink.
Since this is a security interface, shouldn't it be its own
22 matches