From: Richard Guy Briggs <rgb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> To: cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org, linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, Linux-Audit Mailing List <linux-audit-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>, linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, LKML <linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>, netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org Cc: ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org, luto-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org, jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org, carlos-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org, dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org, madzcar-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org, viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public.gmane.org, simo-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org, eparis-FjpueFixGhCM4zKIHC2jIg@public.gmane.org Subject: [RFC PATCH ghak32 V2 05/13] audit: add containerid support for ptrace and signals Date: Fri, 16 Mar 2018 05:00:32 -0400 [thread overview] Message-ID: <8c7ff567377f4a83edac48e962c1b5b824b523c8.1521179281.git.rgb@redhat.com> (raw) In-Reply-To: <cover.1521179281.git.rgb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> In-Reply-To: <cover.1521179281.git.rgb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> Add container ID support to ptrace and signals. In particular, the "op" field provides a way to label the auxiliary record to which it is associated. Signed-off-by: Richard Guy Briggs <rgb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> --- include/linux/audit.h | 16 +++++++++++----- kernel/audit.c | 12 ++++++++---- kernel/audit.h | 2 ++ kernel/auditsc.c | 19 +++++++++++++++---- 4 files changed, 36 insertions(+), 13 deletions(-) diff --git a/include/linux/audit.h b/include/linux/audit.h index f10ca1b..ed16bb6 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h 
@@ -35,6 +35,7 @@ struct audit_sig_info { uid_t uid; pid_t pid; char ctx[0]; + u64 cid; }; struct audit_buffer; @@ -155,8 +156,8 @@ extern void audit_log_link_denied(const char *operation, extern int audit_log_task_context(struct audit_buffer *ab); extern void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk); -extern int audit_log_container_info(struct task_struct *tsk, - struct audit_context *context); +extern int audit_log_container_info(struct audit_context *context, + char *op, u64 containerid); extern int audit_update_lsm_rules(void); @@ -208,8 +209,8 @@ static inline int audit_log_task_context(struct audit_buffer *ab) static inline void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk) { } -static inline int audit_log_container_info(struct task_struct *tsk, - struct audit_context *context); +static inline int audit_log_container_info(struct audit_context *context, + char *op, u64 containerid); { } #define audit_enabled 0 #endif /* CONFIG_AUDIT */ @@ -598,9 +599,14 @@ static inline bool audit_loginuid_set(struct task_struct *tsk) return uid_valid(audit_get_loginuid(tsk)); } +static inline bool cid_valid(u64 containerid) +{ + return containerid != INVALID_CID; +} + static inline bool audit_containerid_set(struct task_struct *tsk) { - return audit_get_containerid(tsk) != INVALID_CID; + return cid_valid(audit_get_containerid(tsk)); } static inline void audit_log_string(struct audit_buffer *ab, const char *buf) diff --git a/kernel/audit.c b/kernel/audit.c index a12f21f..b238be5 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -142,6 +142,7 @@ struct audit_net { kuid_t audit_sig_uid = INVALID_UID; pid_t audit_sig_pid = -1; u32 audit_sig_sid = 0; +u64 audit_sig_cid = INVALID_CID; /* Records can be lost in several ways: 0) [suppressed in audit_alloc] 
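Review bot: In `struct audit_sig_info` the new `u64 cid` is declared after `char ctx[0]`, the variable-length tail that carries the security context string, so `cid` overlaps the first bytes of that string. The audit_receive_msg() hunk in kernel/audit.c shows the effect: `memcpy(sig_data->ctx, ctx, len)` runs first, then `sig_data->cid = audit_sig_cid;` overwrites part of the copied context before the AUDIT_SIGNAL_INFO reply is sent. The extra member also changes `sizeof(*sig_data)`, which existing userspace readers of this reply presumably do not expect. A fixed-size field has to sit before the flexible tail, and because that would move `ctx` for current consumers, a new reply struct with `u64 cid;` placed before `char ctx[0];` looks safer than extending this one.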
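Review bot: The new `op` parameter is declared `char *op`, but the callers visible in this patch pass string literals (`"target"`, `"task"`) or a local buffer, and the function only formats it with `%s`, so it should be `const char *op`. The same applies to the !CONFIG_AUDIT stub in the next hunk and to the definition in kernel/audit.c. The prototype would become `extern int audit_log_container_info(struct audit_context *context, const char *op, u64 containerid);`.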
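Review bot: The !CONFIG_AUDIT stub keeps the stray `;` between the parameter list and `{ }`, so with auditing compiled out this is a prototype followed by a bare block at file scope and will not build. The body is also empty although the function returns `int` and the auditsc.c callers in this patch test the result. Suggested form: `static inline int audit_log_container_info(struct audit_context *context, char *op, u64 containerid)` followed by `{ return 0; }`.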
@@ -1438,6 +1439,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) memcpy(sig_data->ctx, ctx, len); security_release_secctx(ctx, len); } + sig_data->cid = audit_sig_cid; audit_send_reply(skb, seq, AUDIT_SIGNAL_INFO, 0, 0, sig_data, sizeof(*sig_data) + len); kfree(sig_data); @@ -2051,20 +2053,22 @@ void audit_log_session_info(struct audit_buffer *ab) /* * audit_log_container_info - report container info - * @tsk: task to be recorded * @context: task or local context for record + * @op: containerid string description + * @containerid: container ID to report */ -int audit_log_container_info(struct task_struct *tsk, struct audit_context *context) +int audit_log_container_info(struct audit_context *context, + char *op, u64 containerid) { struct audit_buffer *ab; - if (!audit_containerid_set(tsk)) + if (!cid_valid(containerid)) return 0; /* Generate AUDIT_CONTAINER_INFO with container ID */ ab = audit_log_start(context, GFP_KERNEL, AUDIT_CONTAINER_INFO); if (!ab) return -ENOMEM; - audit_log_format(ab, "contid=%llu", audit_get_containerid(tsk)); + audit_log_format(ab, "op=%s contid=%llu", op, containerid); audit_log_end(ab); return 0; } diff --git a/kernel/audit.h b/kernel/audit.h index aaa651a..743d445 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -147,6 +147,7 @@ struct audit_context { kuid_t target_uid; unsigned int target_sessionid; u32 target_sid; + u64 target_cid; char target_comm[TASK_COMM_LEN]; struct audit_tree_refs *trees, *first_trees; @@ -330,6 +331,7 @@ extern void audit_log_d_path_exe(struct audit_buffer *ab, extern pid_t audit_sig_pid; extern kuid_t audit_sig_uid; extern u32 audit_sig_sid; +extern u64 audit_sig_cid; extern int audit_filter(int msgtype, unsigned int listtype); diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 2bba324..2932ef1 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c 
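Review bot: The kernel-doc above audit_log_container_info() does not state the return value or that no record is emitted for an invalid ID, which matters now that callers in auditsc.c branch on the result. I would add `* Returns 0 on success or when @containerid is INVALID_CID, -ENOMEM if the record cannot be started.` to the comment. `@op` would also read better as "label of the record this container record accompanies", since the callers pass "task", "target" and "aux0x<n>".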
@@ -113,6 +113,7 @@ struct audit_aux_data_pids { kuid_t target_uid[AUDIT_AUX_PIDS]; unsigned int target_sessionid[AUDIT_AUX_PIDS]; u32 target_sid[AUDIT_AUX_PIDS]; + u64 target_cid[AUDIT_AUX_PIDS]; char target_comm[AUDIT_AUX_PIDS][TASK_COMM_LEN]; int pid_count; }; @@ -1422,21 +1423,27 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts for (aux = context->aux_pids; aux; aux = aux->next) { struct audit_aux_data_pids *axs = (void *)aux; - for (i = 0; i < axs->pid_count; i++) + for (i = 0; i < axs->pid_count; i++) { + char axsn[sizeof("aux0xN ")]; + + sprintf(axsn, "aux0x%x", i); if (audit_log_pid_context(context, axs->target_pid[i], axs->target_auid[i], axs->target_uid[i], axs->target_sessionid[i], axs->target_sid[i], - axs->target_comm[i])) + axs->target_comm[i]) + && audit_log_container_info(context, axsn, axs->target_cid[i])) call_panic = 1; + } } if (context->target_pid && audit_log_pid_context(context, context->target_pid, context->target_auid, context->target_uid, context->target_sessionid, - context->target_sid, context->target_comm)) + context->target_sid, context->target_comm) + && audit_log_container_info(context, "target", context->target_cid)) call_panic = 1; if (context->pwd.dentry && context->pwd.mnt) { @@ -1456,7 +1463,7 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts audit_log_proctitle(tsk, context); - audit_log_container_info(tsk, context); + audit_log_container_info(context, "task", audit_get_containerid(tsk)); /* Send end of event record to help user space know we are finished */ ab = audit_log_start(context, GFP_KERNEL, AUDIT_EOE); @@ -2356,6 +2363,7 @@ void __audit_ptrace(struct task_struct *t) context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); security_task_getsecid(t, &context->target_sid); + context->target_cid = audit_get_containerid(t); memcpy(context->target_comm, t->comm, TASK_COMM_LEN); } 
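Review bot: In audit_log_exit(), chaining the two calls with `&&` means audit_log_container_info() runs only when audit_log_pid_context() returned non-zero, which the pre-patch code treats as failure (`call_panic = 1`); on the normal path the container record for the ptrace/signal target is never emitted, and `call_panic` now requires both calls to fail. Both conditions (the `aux_pids` loop and the `context->target_pid` block) should use `||`, e.g. `|| audit_log_container_info(context, "target", context->target_cid))`. Separately, `sprintf(axsn, "aux0x%x", i)` writes into an 8-byte buffer that fits only two hex digits, which holds only while AUDIT_AUX_PIDS stays small (its value is not shown here), so `snprintf(axsn, sizeof(axsn), "aux0x%x", i);` is the safer form. The label also restarts at 0 for every entry in the `aux_pids` list, so records from different aux blocks would carry the same `op`. The function body starts and ends outside the hunk.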
@@ -2383,6 +2391,7 @@ int audit_signal_info(int sig, struct task_struct *t) else audit_sig_uid = uid; security_task_getsecid(tsk, &audit_sig_sid); + audit_sig_cid = audit_get_containerid(tsk); } if (!audit_signals || audit_dummy_context()) @@ -2396,6 +2405,7 @@ int audit_signal_info(int sig, struct task_struct *t) ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); security_task_getsecid(t, &ctx->target_sid); + ctx->target_cid = audit_get_containerid(t); memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); return 0; } @@ -2417,6 +2427,7 @@ int audit_signal_info(int sig, struct task_struct *t) axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); security_task_getsecid(t, &axp->target_sid[axp->pid_count]); + axp->target_cid[axp->pid_count] = audit_get_containerid(t); memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); axp->pid_count++; -- 1.8.3.1
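Review bot: `audit_sig_cid` is a plain global `u64` that audit_signal_info() stores here and audit_receive_msg() reads when building the AUDIT_SIGNAL_INFO reply, and no lock or barrier around either access is visible in this patch. Unlike the existing 32-bit `audit_sig_pid` and `audit_sig_sid`, a 64-bit store can tear on 32-bit architectures, so the reply could carry a container ID that no task ever had, and the `cid` may come from a different signal than the `pid` reported with it. If that is accepted as best-effort, a comment at the declaration such as `/* audit_sig_* are updated without locking; fields may come from different signals */` would make it explicit. The enclosing function continues outside the hunk.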
From: Richard Guy Briggs <rgb@redhat.com> To: cgroups@vger.kernel.org, containers@lists.linux-foundation.org, linux-api@vger.kernel.org, Linux-Audit Mailing List <linux-audit@redhat.com>, linux-fsdevel@vger.kernel.org, LKML <linux-kernel@vger.kernel.org>, netdev@vger.kernel.org Cc: luto@kernel.org, jlayton@redhat.com, carlos@redhat.com, viro@zeniv.linux.org.uk, dhowells@redhat.com, simo@redhat.com, eparis@parisplace.org, serge@hallyn.com, ebiederm@xmission.com, madzcar@gmail.com, Richard Guy Briggs <rgb@redhat.com> Subject: [RFC PATCH ghak32 V2 05/13] audit: add containerid support for ptrace and signals Date: Fri, 16 Mar 2018 05:00:32 -0400 [thread overview] Message-ID: <8c7ff567377f4a83edac48e962c1b5b824b523c8.1521179281.git.rgb@redhat.com> (raw) In-Reply-To: <cover.1521179281.git.rgb@redhat.com> In-Reply-To: <cover.1521179281.git.rgb@redhat.com> Add container ID support to ptrace and signals. In particular, the "op" field provides a way to label the auxiliary record to which it is associated. Signed-off-by: Richard Guy Briggs <rgb@redhat.com> --- include/linux/audit.h | 16 +++++++++++----- kernel/audit.c | 12 ++++++++---- kernel/audit.h | 2 ++ kernel/auditsc.c | 19 +++++++++++++++---- 4 files changed, 36 insertions(+), 13 deletions(-) diff --git a/include/linux/audit.h b/include/linux/audit.h index f10ca1b..ed16bb6 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -35,6 +35,7 @@ struct audit_sig_info { uid_t uid; pid_t pid; char ctx[0]; + u64 cid; }; struct audit_buffer; @@ -155,8 +156,8 @@ extern void audit_log_link_denied(const char *operation, extern int audit_log_task_context(struct audit_buffer *ab); extern void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk); -extern int audit_log_container_info(struct task_struct *tsk, - struct audit_context *context); +extern int audit_log_container_info(struct audit_context *context, + char *op, u64 containerid); extern int audit_update_lsm_rules(void); 
@@ -208,8 +209,8 @@ static inline int audit_log_task_context(struct audit_buffer *ab) static inline void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk) { } -static inline int audit_log_container_info(struct task_struct *tsk, - struct audit_context *context); +static inline int audit_log_container_info(struct audit_context *context, + char *op, u64 containerid); { } #define audit_enabled 0 #endif /* CONFIG_AUDIT */ @@ -598,9 +599,14 @@ static inline bool audit_loginuid_set(struct task_struct *tsk) return uid_valid(audit_get_loginuid(tsk)); } +static inline bool cid_valid(u64 containerid) +{ + return containerid != INVALID_CID; +} + static inline bool audit_containerid_set(struct task_struct *tsk) { - return audit_get_containerid(tsk) != INVALID_CID; + return cid_valid(audit_get_containerid(tsk)); } static inline void audit_log_string(struct audit_buffer *ab, const char *buf) diff --git a/kernel/audit.c b/kernel/audit.c index a12f21f..b238be5 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -142,6 +142,7 @@ struct audit_net { kuid_t audit_sig_uid = INVALID_UID; pid_t audit_sig_pid = -1; u32 audit_sig_sid = 0; +u64 audit_sig_cid = INVALID_CID; /* Records can be lost in several ways: 0) [suppressed in audit_alloc] @@ -1438,6 +1439,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) memcpy(sig_data->ctx, ctx, len); security_release_secctx(ctx, len); } + sig_data->cid = audit_sig_cid; audit_send_reply(skb, seq, AUDIT_SIGNAL_INFO, 0, 0, sig_data, sizeof(*sig_data) + len); kfree(sig_data); 
@@ -2051,20 +2053,22 @@ void audit_log_session_info(struct audit_buffer *ab) /* * audit_log_container_info - report container info - * @tsk: task to be recorded * @context: task or local context for record + * @op: containerid string description + * @containerid: container ID to report */ -int audit_log_container_info(struct task_struct *tsk, struct audit_context *context) +int audit_log_container_info(struct audit_context *context, + char *op, u64 containerid) { struct audit_buffer *ab; - if (!audit_containerid_set(tsk)) + if (!cid_valid(containerid)) return 0; /* Generate AUDIT_CONTAINER_INFO with container ID */ ab = audit_log_start(context, GFP_KERNEL, AUDIT_CONTAINER_INFO); if (!ab) return -ENOMEM; - audit_log_format(ab, "contid=%llu", audit_get_containerid(tsk)); + audit_log_format(ab, "op=%s contid=%llu", op, containerid); audit_log_end(ab); return 0; } diff --git a/kernel/audit.h b/kernel/audit.h index aaa651a..743d445 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -147,6 +147,7 @@ struct audit_context { kuid_t target_uid; unsigned int target_sessionid; u32 target_sid; + u64 target_cid; char target_comm[TASK_COMM_LEN]; struct audit_tree_refs *trees, *first_trees; @@ -330,6 +331,7 @@ extern void audit_log_d_path_exe(struct audit_buffer *ab, extern pid_t audit_sig_pid; extern kuid_t audit_sig_uid; extern u32 audit_sig_sid; +extern u64 audit_sig_cid; extern int audit_filter(int msgtype, unsigned int listtype); diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 2bba324..2932ef1 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -113,6 +113,7 @@ struct audit_aux_data_pids { kuid_t target_uid[AUDIT_AUX_PIDS]; unsigned int target_sessionid[AUDIT_AUX_PIDS]; u32 target_sid[AUDIT_AUX_PIDS]; + u64 target_cid[AUDIT_AUX_PIDS]; char target_comm[AUDIT_AUX_PIDS][TASK_COMM_LEN]; int pid_count; }; 
@@ -1422,21 +1423,27 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts for (aux = context->aux_pids; aux; aux = aux->next) { struct audit_aux_data_pids *axs = (void *)aux; - for (i = 0; i < axs->pid_count; i++) + for (i = 0; i < axs->pid_count; i++) { + char axsn[sizeof("aux0xN ")]; + + sprintf(axsn, "aux0x%x", i); if (audit_log_pid_context(context, axs->target_pid[i], axs->target_auid[i], axs->target_uid[i], axs->target_sessionid[i], axs->target_sid[i], - axs->target_comm[i])) + axs->target_comm[i]) + && audit_log_container_info(context, axsn, axs->target_cid[i])) call_panic = 1; + } } if (context->target_pid && audit_log_pid_context(context, context->target_pid, context->target_auid, context->target_uid, context->target_sessionid, - context->target_sid, context->target_comm)) + context->target_sid, context->target_comm) + && audit_log_container_info(context, "target", context->target_cid)) call_panic = 1; if (context->pwd.dentry && context->pwd.mnt) { @@ -1456,7 +1463,7 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts audit_log_proctitle(tsk, context); - audit_log_container_info(tsk, context); + audit_log_container_info(context, "task", audit_get_containerid(tsk)); /* Send end of event record to help user space know we are finished */ ab = audit_log_start(context, GFP_KERNEL, AUDIT_EOE); @@ -2356,6 +2363,7 @@ void __audit_ptrace(struct task_struct *t) context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); security_task_getsecid(t, &context->target_sid); + context->target_cid = audit_get_containerid(t); memcpy(context->target_comm, t->comm, TASK_COMM_LEN); } @@ -2383,6 +2391,7 @@ int audit_signal_info(int sig, struct task_struct *t) else audit_sig_uid = uid; security_task_getsecid(tsk, &audit_sig_sid); + audit_sig_cid = audit_get_containerid(tsk); } if (!audit_signals || audit_dummy_context()) 
@@ -2396,6 +2405,7 @@ int audit_signal_info(int sig, struct task_struct *t) ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); security_task_getsecid(t, &ctx->target_sid); + ctx->target_cid = audit_get_containerid(t); memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); return 0; } @@ -2417,6 +2427,7 @@ int audit_signal_info(int sig, struct task_struct *t) axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); security_task_getsecid(t, &axp->target_sid[axp->pid_count]); + axp->target_cid[axp->pid_count] = audit_get_containerid(t); memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); axp->pid_count++; -- 1.8.3.1