On Sun, Nov 15, 2020 at 5:43 AM Christian Brauner <christian.brau...@ubuntu.com> wrote: > > Audit will sometimes log the inode's i_uid and i_gid. Enable audit to log the > mapped inode when it is accessed from an idmapped mount.
I mentioned this in an earlier patch in this patchset, but it is worth repeating here: audit currently records information in the context of the initial/host namespace and I believe it should probably stay that way until the rest of the namespace smarts that Richard is working on is merged. If we do change the context of the inode's UID and GID information it has the potential to create a rather odd looking audit record with inconsistent credentials and the filters would yield some very interesting results. > Signed-off-by: Christian Brauner <christian.brau...@ubuntu.com> > --- > /* v2 */ > unchanged > --- > fs/namei.c | 14 +++++++------- > include/linux/audit.h | 10 ++++++---- > ipc/mqueue.c | 8 ++++---- > kernel/auditsc.c | 26 ++++++++++++++------------ > 4 files changed, 31 insertions(+), 27 deletions(-) -- paul moore www.paul-moore.com -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit
