From: Paul Moore <paul-r2n+y4ga6xFZroRs9YW3xA@public.gmane.org> To: Richard Guy Briggs <rgb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> Cc: cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, luto-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org, jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org, carlos-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org, linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org, LKML <linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>, viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public.gmane.org, dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org, Linux-Audit Mailing List <linux-audit-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>, ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org, simo-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org, netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, Eric Paris <eparis-FjpueFixGhCM4zKIHC2jIg@public.gmane.org> Subject: Re: [RFC PATCH ghak32 V2 11/13] audit: add support for containerid to network namespaces Date: Sat, 21 Apr 2018 08:10:46 -0400 [thread overview] Message-ID: <162e81d2170.280e.85c95baa4474aabc7814e68940a78392@paul-moore.com> (raw) In-Reply-To: <20180420204225.iik2lgtj6gx2ep4w-bcJWsdo4jJjeVoXN4CMphl7TgLCtbB0G@public.gmane.org> On April 20, 2018 4:48:34 PM Richard Guy Briggs <rgb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> wrote: On 2018-04-20 16:22, Paul Moore wrote: On Fri, Apr 20, 2018 at 4:02 PM, Richard Guy Briggs <rgb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> wrote: On 2018-04-18 21:46, Paul Moore wrote: On Fri, Mar 16, 2018 at 5:00 AM, Richard Guy Briggs <rgb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> wrote: Audit events could happen in a network namespace outside of a task context due to packets received from the net that trigger an auditing rule prior to being associated with a running task. The network namespace could in use by multiple containers by association to the tasks in that network namespace. We still want a way to attribute these events to any potential containers. Keep a list per network namespace to track these container identifiiers. Add/increment the container identifier on: - initial setting of the container id via /proc - clone/fork call that inherits a container identifier - unshare call that inherits a container identifier - setns call that inherits a container identifier Delete/decrement the container identifier on: - an inherited container id dropped when child set - process exit - unshare call that drops a net namespace - setns call that drops a net namespace See: https://github.com/linux-audit/audit-kernel/issues/32 See: https://github.com/linux-audit/audit-testsuite/issues/64 Signed-off-by: Richard Guy Briggs <rgb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> --- include/linux/audit.h | 7 +++++++ include/net/net_namespace.h | 12 ++++++++++++ kernel/auditsc.c | 9 ++++++--- kernel/nsproxy.c | 6 ++++++ net/core/net_namespace.c | 45 +++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 76 insertions(+), 3 deletions(-) ... diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c index f6c5d33..d9f1090 100644 --- a/kernel/nsproxy.c +++ b/kernel/nsproxy.c @@ -140,6 +140,7 @@ int copy_namespaces(unsigned long flags, struct task_struct *tsk) struct nsproxy *old_ns = tsk->nsproxy; struct user_namespace *user_ns = task_cred_xxx(tsk, user_ns); struct nsproxy *new_ns; + u64 containerid = audit_get_containerid(tsk); if (likely(!(flags & (CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWIPC | CLONE_NEWPID | CLONE_NEWNET | @@ -167,6 +168,7 @@ int copy_namespaces(unsigned long flags, struct task_struct *tsk) return PTR_ERR(new_ns); tsk->nsproxy = new_ns; + net_add_audit_containerid(new_ns->net_ns, containerid); return 0; } Hopefully we can handle this in audit_net_init(), we just need to figure out where we can get the correct task_struct for the audit container ID (some backpointer in the net struct?). I don't follow. This needs to happen on every task startup. audit_net_init() is only called when a new network namespace starts up. Yep, sorry, my mistake. I must have confused myself when I was looking at the code. I'm thinking out loud here, bear with me ... Assuming we move the netns/audit-container-ID tracking to audit_net, and considering we already have an audit hook in copy_process() (it calls audit_alloc()), would this be better handled by the copy_process() hook? This ignores naming, audit_alloc() reuse, etc.; those can be easily fixed. I'm just thinking of ways to limit our impact on the core kernel and leverage our existing interaction points. The new namespace hasn't been cloned yet and this is the only function where we have access to both namespaces, so I don't see how that could work... I'll take another, closer look, with v3. paul moore - RGB -- Richard Guy Briggs <rgb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> Sr. S/W Engineer, Kernel Security, Base Operating Systems Remote, Ottawa, Red Hat Canada IRC: rgb, SunRaycer Voice: +1.647.777.2635, Internal: (81) 32635 -- paul moore www.paul-moore.com
WARNING: multiple messages have this Message-ID (diff)
From: Paul Moore <paul@paul-moore.com> To: Richard Guy Briggs <rgb@redhat.com> Cc: <simo@redhat.com>, <jlayton@redhat.com>, <carlos@redhat.com>, <linux-api@vger.kernel.org>, <containers@lists.linux-foundation.org>, LKML <linux-kernel@vger.kernel.org>, Eric Paris <eparis@parisplace.org>, <dhowells@redhat.com>, "Linux-Audit Mailing List" <linux-audit@redhat.com>, <ebiederm@xmission.com>, <luto@kernel.org>, <netdev@vger.kernel.org>, <linux-fsdevel@vger.kernel.org>, <cgroups@vger.kernel.org>, <serge@hallyn.com>, <viro@zeniv.linux.org.uk> Subject: Re: [RFC PATCH ghak32 V2 11/13] audit: add support for containerid to network namespaces Date: Sat, 21 Apr 2018 08:10:46 -0400 [thread overview] Message-ID: <162e81d2170.280e.85c95baa4474aabc7814e68940a78392@paul-moore.com> (raw) In-Reply-To: <20180420204225.iik2lgtj6gx2ep4w@madcap2.tricolour.ca> On April 20, 2018 4:48:34 PM Richard Guy Briggs <rgb@redhat.com> wrote: On 2018-04-20 16:22, Paul Moore wrote: On Fri, Apr 20, 2018 at 4:02 PM, Richard Guy Briggs <rgb@redhat.com> wrote: On 2018-04-18 21:46, Paul Moore wrote: On Fri, Mar 16, 2018 at 5:00 AM, Richard Guy Briggs <rgb@redhat.com> wrote: Audit events could happen in a network namespace outside of a task context due to packets received from the net that trigger an auditing rule prior to being associated with a running task. The network namespace could in use by multiple containers by association to the tasks in that network namespace. We still want a way to attribute these events to any potential containers. Keep a list per network namespace to track these container identifiiers. Add/increment the container identifier on: - initial setting of the container id via /proc - clone/fork call that inherits a container identifier - unshare call that inherits a container identifier - setns call that inherits a container identifier Delete/decrement the container identifier on: - an inherited container id dropped when child set - process exit - unshare call that drops a net namespace - setns call that drops a net namespace See: https://github.com/linux-audit/audit-kernel/issues/32 See: https://github.com/linux-audit/audit-testsuite/issues/64 Signed-off-by: Richard Guy Briggs <rgb@redhat.com> --- include/linux/audit.h | 7 +++++++ include/net/net_namespace.h | 12 ++++++++++++ kernel/auditsc.c | 9 ++++++--- kernel/nsproxy.c | 6 ++++++ net/core/net_namespace.c | 45 +++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 76 insertions(+), 3 deletions(-) ... diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c index f6c5d33..d9f1090 100644 --- a/kernel/nsproxy.c +++ b/kernel/nsproxy.c @@ -140,6 +140,7 @@ int copy_namespaces(unsigned long flags, struct task_struct *tsk) struct nsproxy *old_ns = tsk->nsproxy; struct user_namespace *user_ns = task_cred_xxx(tsk, user_ns); struct nsproxy *new_ns; + u64 containerid = audit_get_containerid(tsk); if (likely(!(flags & (CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWIPC | CLONE_NEWPID | CLONE_NEWNET | @@ -167,6 +168,7 @@ int copy_namespaces(unsigned long flags, struct task_struct *tsk) return PTR_ERR(new_ns); tsk->nsproxy = new_ns; + net_add_audit_containerid(new_ns->net_ns, containerid); return 0; } Hopefully we can handle this in audit_net_init(), we just need to figure out where we can get the correct task_struct for the audit container ID (some backpointer in the net struct?). I don't follow. This needs to happen on every task startup. audit_net_init() is only called when a new network namespace starts up. Yep, sorry, my mistake. I must have confused myself when I was looking at the code. I'm thinking out loud here, bear with me ... Assuming we move the netns/audit-container-ID tracking to audit_net, and considering we already have an audit hook in copy_process() (it calls audit_alloc()), would this be better handled by the copy_process() hook? This ignores naming, audit_alloc() reuse, etc.; those can be easily fixed. I'm just thinking of ways to limit our impact on the core kernel and leverage our existing interaction points. The new namespace hasn't been cloned yet and this is the only function where we have access to both namespaces, so I don't see how that could work... I'll take another, closer look, with v3. paul moore - RGB -- Richard Guy Briggs <rgb@redhat.com> Sr. S/W Engineer, Kernel Security, Base Operating Systems Remote, Ottawa, Red Hat Canada IRC: rgb, SunRaycer Voice: +1.647.777.2635, Internal: (81) 32635 -- paul moore www.paul-moore.com
next prev parent reply other threads:[~2018-04-21 12:10 UTC|newest] Thread overview: 147+ messages / expand[flat|nested] mbox.gz Atom feed top 2018-03-16 9:00 [RFC PATCH ghak32 V2 00/13] audit: implement container id Richard Guy Briggs 2018-03-16 9:00 ` Richard Guy Briggs 2018-03-16 9:00 ` [RFC PATCH ghak32 V2 01/13] audit: add " Richard Guy Briggs 2018-03-28 18:39 ` Jonathan Corbet [not found] ` <20180328123912.49b11c98-T1hC0tSOHrs@public.gmane.org> 2018-03-29 9:01 ` Richard Guy Briggs 2018-03-29 9:01 ` Richard Guy Briggs [not found] ` <20180329090132.r3qfomigkw3hbwbw-bcJWsdo4jJjeVoXN4CMphl7TgLCtbB0G@public.gmane.org> 2018-03-29 13:03 ` Jonathan Corbet 2018-03-29 13:03 ` Jonathan Corbet 2018-03-30 5:06 ` Richard Guy Briggs 2018-03-30 5:06 ` Richard Guy Briggs [not found] ` <20180329070327.7f4c92c8-T1hC0tSOHrs@public.gmane.org> 2018-03-30 5:06 ` Richard Guy Briggs 2018-04-18 23:47 ` Paul Moore 2018-04-19 0:41 ` Casey Schaufler [not found] ` <32d3e7a6-36f0-571a-bb91-67f746c7eafa-iSGtlc1asvQWG2LlvL+J4A@public.gmane.org> 2018-04-19 0:46 ` Paul Moore 2018-04-19 0:46 ` Paul Moore [not found] ` <CAHC9VhTz-pr-iUVv-+R3ShwEKSHDsweDGuN7255HV7Cu3ZYPEw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org> 2018-04-19 1:15 ` Casey Schaufler 2018-04-19 1:15 ` Casey Schaufler [not found] ` <CAHC9VhTyvxxj2e2Gn+iyW6iLLeYB7hp8a+JvfeMmJ2nUPqtEaw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org> 2018-04-19 0:41 ` Casey Schaufler 2018-04-21 14:34 ` Richard Guy Briggs 2018-05-06 16:51 ` Richard Guy Briggs 2018-04-21 14:34 ` Richard Guy Briggs 2018-04-23 23:15 ` Paul Moore 2018-04-24 2:02 ` Richard Guy Briggs 2018-04-24 19:01 ` Paul Moore 2018-04-25 0:40 ` Richard Guy Briggs 2018-04-26 22:47 ` Paul Moore [not found] ` <20180425004031.zutsno6hvmpq3crd-bcJWsdo4jJjeVoXN4CMphl7TgLCtbB0G@public.gmane.org> 2018-04-26 22:47 ` Paul Moore [not found] ` <CAHC9VhSZd7V9avx6K5g6CQ7mkj1T8ti7Nqq=OoWVwPznkesD1w-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org> 2018-04-25 0:40 ` Richard Guy Briggs [not found] ` <20180424020200.imonhbkwtb73luxl-bcJWsdo4jJjeVoXN4CMphl7TgLCtbB0G@public.gmane.org> 2018-04-24 19:01 ` Paul Moore [not found] ` <CAHC9VhQkJBU-f-AuEnGF1BA2QW6nCJ_yr_EqBR02-1y9+XQZ5A-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org> 2018-04-24 2:02 ` Richard Guy Briggs [not found] ` <20180421143443.faaput5g2rn6ul7p-bcJWsdo4jJjeVoXN4CMphl7TgLCtbB0G@public.gmane.org> 2018-04-23 23:15 ` Paul Moore 2018-05-06 16:51 ` Richard Guy Briggs [not found] ` <e284617ad667ad8f17958dd8babb87fe1b4d7205.1521179281.git.rgb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> 2018-03-28 18:39 ` Jonathan Corbet 2018-04-18 23:47 ` Paul Moore 2018-05-17 21:00 ` Steve Grubb 2018-05-17 21:00 ` Steve Grubb 2018-05-17 21:56 ` Richard Guy Briggs [not found] ` <20180517215600.dyswlkvqdtgjwr5y-bcJWsdo4jJjeVoXN4CMphl7TgLCtbB0G@public.gmane.org> 2018-05-18 13:56 ` Steve Grubb 2018-05-18 13:56 ` Steve Grubb 2018-05-18 15:21 ` Richard Guy Briggs [not found] ` <20180518152106.do5b3mu6e6eyvo7q-bcJWsdo4jJjeVoXN4CMphl7TgLCtbB0G@public.gmane.org> 2018-05-18 15:38 ` Steve Grubb 2018-05-18 15:38 ` Steve Grubb 2018-05-18 15:21 ` Richard Guy Briggs 2018-05-17 21:56 ` Richard Guy Briggs 2018-06-01 21:04 ` Richard Guy Briggs 2018-06-04 16:09 ` Steve Grubb 2018-06-04 20:23 ` Richard Guy Briggs 2018-06-04 20:30 ` Richard Guy Briggs 2018-03-16 9:00 ` [RFC PATCH ghak32 V2 03/13] audit: log container info of syscalls Richard Guy Briggs 2018-05-17 21:09 ` Steve Grubb 2018-05-17 21:41 ` Richard Guy Briggs 2018-05-17 21:41 ` Richard Guy Briggs 2018-05-21 19:19 ` Steve Grubb [not found] ` <20180517214102.qhg4gofwrbsn2eru-bcJWsdo4jJjeVoXN4CMphl7TgLCtbB0G@public.gmane.org> 2018-05-21 19:19 ` Steve Grubb [not found] ` <6768d20c636df65534f8d325529669bb30a58382.1521179281.git.rgb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> 2018-05-17 21:09 ` Steve Grubb 2018-03-16 9:00 ` [RFC PATCH ghak32 V2 04/13] audit: add containerid filtering Richard Guy Briggs 2018-04-19 0:24 ` Paul Moore 2018-04-19 12:17 ` Richard Guy Briggs [not found] ` <CAHC9VhRVGTCVJxG3Etcs-aOpr71A7xGsn5VPhskUG35rmQ7WUw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org> 2018-04-19 12:17 ` Richard Guy Briggs [not found] ` <b933f93762435990e9b1e6d5aebf15f186ac8951.1521179281.git.rgb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> 2018-04-19 0:24 ` Paul Moore 2018-03-16 9:00 ` [RFC PATCH ghak32 V2 06/13] audit: add support for non-syscall auxiliary records Richard Guy Briggs 2018-04-19 0:39 ` Paul Moore [not found] ` <CAHC9VhQbPbnrbxCD1fyTSxWgrXXXYnZw_=nbOhfMCO5Q5eSsWQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org> 2018-04-20 1:23 ` Richard Guy Briggs 2018-04-20 1:23 ` Richard Guy Briggs [not found] ` <20180420012346.udnga5pfdjoazcfc-bcJWsdo4jJjeVoXN4CMphl7TgLCtbB0G@public.gmane.org> 2018-04-20 16:21 ` Paul Moore 2018-04-20 16:21 ` Paul Moore [not found] ` <ee2a945fb09a939b3c214f45e49dab6a770d83e6.1521179281.git.rgb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> 2018-04-19 0:39 ` Paul Moore 2018-03-16 9:00 ` [RFC PATCH ghak32 V2 08/13] audit: add containerid support for tty_audit Richard Guy Briggs 2018-03-16 9:00 ` Richard Guy Briggs 2018-03-16 9:00 ` [RFC PATCH ghak32 V2 09/13] audit: add containerid support for config/feature/user records Richard Guy Briggs 2018-03-16 9:00 ` Richard Guy Briggs 2018-04-19 1:27 ` Paul Moore [not found] ` <CAHC9VhQ-i5oA48sXXnN2fP06t5=9-NMoY0bKcGXorQw2k=CK0Q-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org> 2018-04-19 12:31 ` Richard Guy Briggs 2018-04-19 12:31 ` Richard Guy Briggs 2018-04-19 12:59 ` Paul Moore [not found] ` <20180419123109.ab7gsnwrbtog4tbf-bcJWsdo4jJjeVoXN4CMphl7TgLCtbB0G@public.gmane.org> 2018-04-19 12:59 ` Paul Moore [not found] ` <c34a7a95eb045a62e2443457979db9d7afbd9aee.1521179281.git.rgb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> 2018-04-19 1:27 ` Paul Moore 2018-03-16 9:00 ` [RFC PATCH ghak32 V2 11/13] audit: add support for containerid to network namespaces Richard Guy Briggs 2018-04-19 1:46 ` Paul Moore 2018-04-20 20:02 ` Richard Guy Briggs 2018-04-20 20:22 ` Paul Moore 2018-04-20 20:42 ` Richard Guy Briggs [not found] ` <20180420204225.iik2lgtj6gx2ep4w-bcJWsdo4jJjeVoXN4CMphl7TgLCtbB0G@public.gmane.org> 2018-04-21 12:10 ` Paul Moore [this message] 2018-04-21 12:10 ` Paul Moore [not found] ` <CAHC9VhTOYUAyCJidm99som6FVmjouQUGsEHarQ4h_NhwJxQQfw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org> 2018-04-20 20:42 ` Richard Guy Briggs [not found] ` <20180420200226.7tyxzuovdbgclw3m-bcJWsdo4jJjeVoXN4CMphl7TgLCtbB0G@public.gmane.org> 2018-04-20 20:22 ` Paul Moore [not found] ` <CAHC9VhRkstDMjd5T3w+iOUDjzDAs1AOm0xd3p6v_xn6fNGYQhA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org> 2018-04-20 20:02 ` Richard Guy Briggs [not found] ` <11b43a498e768a14764594c808a96b34d52be0af.1521179281.git.rgb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> 2018-04-19 1:46 ` Paul Moore 2018-03-16 9:00 ` [RFC PATCH ghak32 V2 12/13] audit: NETFILTER_PKT: record each container ID associated with a netNS Richard Guy Briggs 2018-04-19 2:10 ` Paul Moore [not found] ` <CAHC9VhR3BNRr24BPxud0X_eyFmSxUOh9bwjWNU4Z=rnDR0fENA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org> 2018-04-19 12:45 ` Richard Guy Briggs 2018-04-19 12:45 ` Richard Guy Briggs [not found] ` <20180419124550.7uknp4oebvwoo67s-bcJWsdo4jJjeVoXN4CMphl7TgLCtbB0G@public.gmane.org> 2018-04-19 13:13 ` Paul Moore 2018-04-19 13:13 ` Paul Moore [not found] ` <66adde01c1dda792aff99a457eea576a0b08ca98.1521179281.git.rgb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> 2018-04-19 2:10 ` Paul Moore 2018-03-16 9:00 ` [RFC PATCH ghak32 V2 13/13] debug audit: read container ID of a process Richard Guy Briggs 2018-03-16 9:00 ` Richard Guy Briggs [not found] ` <1081821010c124fe4e35984ec3dac1654453bb7c.1521179281.git.rgb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> 2018-05-21 19:16 ` Steve Grubb 2018-05-21 19:16 ` Steve Grubb 2018-05-21 19:19 ` Eric W. Biederman 2018-05-21 19:19 ` Eric W. Biederman 2018-05-21 20:06 ` Paul Moore [not found] ` <CAHC9VhQruN88t-R9Qo3e4hwCZ58RAyrmEmH1nY4RR6NZaiBzGQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org> 2018-05-22 17:35 ` Richard Guy Briggs 2018-05-22 17:35 ` Richard Guy Briggs [not found] ` <20180522173541.slcdszumi7q6c4id-bcJWsdo4jJjeVoXN4CMphl7TgLCtbB0G@public.gmane.org> 2018-05-22 18:59 ` Paul Moore 2018-05-22 18:59 ` Paul Moore [not found] ` <87muwshl4z.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org> 2018-05-21 20:06 ` Paul Moore [not found] ` <cover.1521179281.git.rgb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> 2018-03-16 9:00 ` [RFC PATCH ghak32 V2 01/13] audit: add container id Richard Guy Briggs 2018-03-16 9:00 ` [RFC PATCH ghak32 V2 02/13] audit: check children and threading before allowing containerid Richard Guy Briggs 2018-03-16 9:00 ` Richard Guy Briggs [not found] ` <995b77557010b2f9aed0e10435f7b8536df7a5db.1521179281.git.rgb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> 2018-04-19 0:11 ` Paul Moore 2018-04-19 0:11 ` Paul Moore 2018-03-16 9:00 ` [RFC PATCH ghak32 V2 03/13] audit: log container info of syscalls Richard Guy Briggs 2018-03-16 9:00 ` [RFC PATCH ghak32 V2 04/13] audit: add containerid filtering Richard Guy Briggs 2018-03-16 9:00 ` [RFC PATCH ghak32 V2 05/13] audit: add containerid support for ptrace and signals Richard Guy Briggs 2018-03-16 9:00 ` Richard Guy Briggs 2018-04-19 0:32 ` Paul Moore 2018-04-20 1:03 ` Richard Guy Briggs 2018-04-20 16:13 ` Paul Moore [not found] ` <20180420010320.panie6mtdafxl65y-bcJWsdo4jJjeVoXN4CMphl7TgLCtbB0G@public.gmane.org> 2018-04-20 16:13 ` Paul Moore [not found] ` <CAHC9VhTy4fX1hYfD5tppbP-fRaVRMXOfeJ=Et96J_rc7Jw12Bw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org> 2018-04-20 1:03 ` Richard Guy Briggs [not found] ` <8c7ff567377f4a83edac48e962c1b5b824b523c8.1521179281.git.rgb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> 2018-04-19 0:32 ` Paul Moore 2018-03-16 9:00 ` [RFC PATCH ghak32 V2 06/13] audit: add support for non-syscall auxiliary records Richard Guy Briggs 2018-03-16 9:00 ` [RFC PATCH ghak32 V2 07/13] audit: add container aux record to watch/tree/mark Richard Guy Briggs 2018-03-16 9:00 ` Richard Guy Briggs 2018-04-19 0:42 ` Paul Moore 2018-04-19 12:24 ` Richard Guy Briggs [not found] ` <CAHC9VhTzp-r2TFytt1zTEpeGK=O5dEnLPFw-CdsM1ttpY0a30g-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org> 2018-04-19 12:24 ` Richard Guy Briggs [not found] ` <737f914a88d048b9985984c0ce1f946c30ca374c.1521179281.git.rgb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> 2018-04-19 0:42 ` Paul Moore 2018-03-16 9:00 ` [RFC PATCH ghak32 V2 08/13] audit: add containerid support for tty_audit Richard Guy Briggs 2018-03-16 9:00 ` [RFC PATCH ghak32 V2 09/13] audit: add containerid support for config/feature/user records Richard Guy Briggs 2018-03-16 9:00 ` [RFC PATCH ghak32 V2 10/13] audit: add containerid support for seccomp and anom_abend records Richard Guy Briggs 2018-03-16 9:00 ` Richard Guy Briggs 2018-04-19 1:31 ` Paul Moore [not found] ` <CAHC9VhS6MKoLkzpfcmYBSNnvrtbL2FOF5PX9uOfivSVEWykkQg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org> 2018-04-20 0:42 ` Richard Guy Briggs 2018-04-20 0:42 ` Richard Guy Briggs [not found] ` <20180420004218.tgndd474wgueyjzk-bcJWsdo4jJjeVoXN4CMphl7TgLCtbB0G@public.gmane.org> 2018-04-20 16:11 ` Paul Moore 2018-04-20 16:11 ` Paul Moore [not found] ` <11174597083f89352f1d6491ec94e27f882625d9.1521179281.git.rgb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> 2018-04-19 1:31 ` Paul Moore 2018-03-16 9:00 ` [RFC PATCH ghak32 V2 11/13] audit: add support for containerid to network namespaces Richard Guy Briggs 2018-03-16 9:00 ` [RFC PATCH ghak32 V2 12/13] audit: NETFILTER_PKT: record each container ID associated with a netNS Richard Guy Briggs 2018-03-16 9:00 ` [RFC PATCH ghak32 V2 13/13] debug audit: read container ID of a process Richard Guy Briggs 2018-05-30 13:20 ` [RFC PATCH ghak32 V2 00/13] audit: implement container id Steve Grubb 2018-05-30 13:20 ` Steve Grubb 2018-05-30 17:33 ` Richard Guy Briggs 2018-05-30 17:33 ` Richard Guy Briggs 2018-05-30 17:33 ` Richard Guy Briggs
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=162e81d2170.280e.85c95baa4474aabc7814e68940a78392@paul-moore.com \ --to=paul-r2n+y4ga6xfzrors9yw3xa@public.gmane.org \ --cc=carlos-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \ --cc=cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \ --cc=containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \ --cc=dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \ --cc=ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org \ --cc=eparis-FjpueFixGhCM4zKIHC2jIg@public.gmane.org \ --cc=jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \ --cc=linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \ --cc=linux-audit-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \ --cc=linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \ --cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \ --cc=luto-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org \ --cc=netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \ --cc=rgb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \ --cc=simo-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \ --cc=viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public.gmane.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.