From: Mimi Zohar
Subject: Re: [PATCH] audit: add containerid support for IMA-audit
Date: Thu, 08 Mar 2018 13:02:45 -0500
Message-ID: <1520532165.3605.51.camel__24942.3774461777$1520532091$gmane$org@linux.vnet.ibm.com>
To: Richard Guy Briggs
Cc: paul-r2n+y4ga6xFZroRs9YW3xA@public.gmane.org, containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org, LKML, Matthew Garrett, Peter Moody, Linux-Audit Mailing List, linux-integrity, sgrubb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org
List-Id: containers.vger.kernel.org

On Thu, 2018-03-08 at 06:21 -0500, Richard Guy Briggs wrote:
> On 2018-03-05 09:24, Mimi Zohar wrote:
> > On Mon, 2018-03-05 at 08:50 -0500, Richard Guy Briggs wrote:
> > > On 2018-03-05 08:43, Mimi Zohar wrote:
> > > > Hi Richard,
> > > >
> > > > This patch has been compiled, but not runtime tested.
> > >
> > > Ok, great, thank you.  I assume you are offering this patch to be
> > > included in this patchset?
> >
> > Yes, thank you.
> >
> > > I'll have a look to see where it fits in the
> > > IMA record.  It might be better if it were an AUDIT_CONTAINER_INFO
> > > auxiliary record, but I'll have a look at the circumstances of the
> > > event.
>
> I had a look at the context of this record to see if adding the contid
> field to it made sense.  I think the only records for which the contid
> field makes sense are the two newly proposed records, AUDIT_CONTAINER
> which introduces the container ID and AUDIT_CONTAINER_INFO which
> documents the presence of the container ID in a process event (or
> process-less network event).  All others should use the auxiliary record
> AUDIT_CONTAINER_INFO rather than include the contid field directly
> itself.  There are several reasons for this including record length, the
> ability to filter unwanted records, the difficulty of changing the order
> of or removing fields in the future.
>
> Syscalls get this information automatically if the container ID is set
> for a task via the AUDIT_CONTAINER_INFO auxiliary record.  Generally a
> syscall event is one that uses the task's audit_context while a
> standalone event uses NULL or builds a local audit_context that is
> discarded immediately after the local use.
>
> Looking at the two cases of AUDIT_INTEGRITY_RULE record generation, it
> appears that they should be split into two distinct audit record types.
>
> The record created in ima_audit_measurement() is a syscall record that
> could possibly stand on its own since the subject attributes are
> present.  If it remains a syscall auxiliary record it will automatically
> have the AUDIT_CONTAINER_INFO record accompany it anyways.  If it is
> decided to detach it (which would save cpu/netlink/disk bandwidth but is
> not recommended due to not wanting to throw away any other syscall
> information or other involved records (PATH, CWD, etc...)) then a local
> audit_context would be created for the AUDIT_INTEGRITY_RULE and
> AUDIT_CONTAINERID_INFO records only and immediately discarded.
>
> The record created in ima_parse_rule() is not currently a syscall record
> since it is passed an audit_context of NULL and it has a very different
> format that does not include any subject attributes (except subj_*=).
> At first glance it appears this one should be a syscall accompanied
> auxiliary record.  Either way it should have an AUDIT_CONTAINER_INFO
> auxiliary record either by being converted to a syscall auxiliary record
> by using current->audit_context rather than NULL when calling
> audit_log_start(), or creating a local audit_context and calling
> audit_log_container_info() then releasing the local context.  This
> version of the record has additional concerns covered here:
> https://github.com/linux-audit/audit-kernel/issues/52
>
> Can you briefly describe the circumstances under which these two
> different identically-numbered records are produced as a first step
> towards splitting them into two distinct records?

Agreed, the two uses should really be separated.  ima_parse_rule()
generates audit messages, when the IMA policy is initially loaded,
replaced, or extended, the policy rules are included in the audit log.
When IMA is namespaced, there will be a host policy and namespace
policies.  We'll need to be able to differentiate between the host policy
rules and IMA namespaced policy rules, and between IMA namespaced
policy rules.

The audit messages produced by ima_audit_measurement() were originally
upstreamed for forensics, and as seen by the FireEye blog are now used
to augment existing security analytics.  These records are probably
being used independently of any other audit records.  A single record
is generated per file, per system.  With IMA namespacing, these
records need to be generated once per file, per namespace as well.  In
order to differentiate the records between the host and namespace, and
between namespaces, these records should include the container id.

To disambiguate between these audit messages and the policy rule
messages, we could rename these audit messages to AUDIT_INTEGRITY_IMA.

> The four AUDIT_INTEGRITY _METADATA, _PCR, _DATA and _STATUS records
> appear to be already properly covered for AUDIT_CONTAINER_INFO records
> by being syscall auxiliary records.  The AUDIT_INTEGRITY_HASH record
> appears to be unused.

Ok

Mimi
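
Added example, not part of the original message and not code from the kernel or the audit project: a log-side view of the distinction discussed in this thread. It groups audit records by event ID, tells the two kinds of INTEGRITY_RULE record apart, and reports whether each one shares its event with a SYSCALL record and a container ID record. The sample lines are constructed, and the CONTAINER_INFO record layout with its contid= field is an assumption based on the proposal in the thread.

```python
import re
from collections import defaultdict

# Constructed sample lines. msg=audit(<time>:<serial>) is the audit event ID;
# the CONTAINER_INFO layout and contid= field are assumed from the proposal.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1520532165.101:410): arch=c000003e syscall=59 success=yes pid=2201 comm="sh"
type=INTEGRITY_RULE msg=audit(1520532165.101:410): file="/usr/bin/tool" hash="sha256:PLACEHOLDER" pid=2201
type=CONTAINER_INFO msg=audit(1520532165.101:410): contid=123456
type=INTEGRITY_RULE msg=audit(1520532170.250:411): action="measure" func="BPRM_CHECK" res=1
"""

EVENT_RE = re.compile(r"^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): ?(.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse(log):
    """Group records by (timestamp, serial): records of one event share both."""
    events = defaultdict(list)
    for line in log.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not audit records
        rtype, ts, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(body)}
        events[(ts, serial)].append((rtype, fields))
    return events

def classify_integrity_rule(fields):
    """Separate the two uses that currently share one record type."""
    if "file" in fields and "hash" in fields:
        return "measurement"   # per-file record (ima_audit_measurement)
    if "action" in fields:
        return "policy_rule"   # policy load record (ima_parse_rule)
    return "unknown"

def integrity_report(log):
    report = []
    for (ts, serial), records in sorted(parse(log).items(), key=lambda kv: int(kv[0][1])):
        types = {t for t, _ in records}
        contid = next((f.get("contid") for t, f in records if t == "CONTAINER_INFO"), None)
        for rtype, fields in records:
            if rtype == "INTEGRITY_RULE":
                report.append({"serial": int(serial),
                               "kind": classify_integrity_rule(fields),
                               "syscall_event": "SYSCALL" in types,
                               "contid": contid})
    return report

if __name__ == "__main__":
    for row in integrity_report(SAMPLE_LOG):
        print(row)
```

A standalone policy-rule record comes back with `contid` set to `None`, which is the attribution gap the thread proposes to close.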