On Wed, Sep 18, 2019 at 9:27 PM Richard Guy Briggs wrote:
> Track the parent container of a container to be able to filter and
> report nesting.
>
> Now that we have a way to track and check the parent container of a
> container, fixup other patches, or squash all nesting fixes together.
>
> fixup
On Wed, Sep 18, 2019 at 9:27 PM Richard Guy Briggs wrote:
> Add the ability to get and set the login uid and to get the session id
> using an audit netlink message using message types AUDIT_GET_LOGINUID
> 1024, AUDIT_SET_LOGINUID 1025 and AUDIT_GET_SESSIONID 1026 in addition
> to using the proc fi
On Wed, Sep 18, 2019 at 9:26 PM Richard Guy Briggs wrote:
> Add the ability to get and set the audit container identifier using an
> audit netlink message using message types AUDIT_SET_CONTID 1023 and
> AUDIT_GET_CONTID 1022 in addition to using the proc filesystem. The
> message format includes
On Wed, Sep 18, 2019 at 9:26 PM Richard Guy Briggs wrote:
> Audit events could happen in a network namespace outside of a task
> context due to packets received from the net that trigger an auditing
> rule prior to being associated with a running task. The network
> namespace could be in use by m
On Wed, Sep 18, 2019 at 9:26 PM Richard Guy Briggs wrote:
> Since the task_is_descendant() function is used in YAMA and in audit,
> pull the function into kernel/core/sched.c
>
> Signed-off-by: Richard Guy Briggs
> ---
> include/linux/sched.h| 3 +++
> kernel/audit.c | 33
On Wed, Sep 18, 2019 at 9:26 PM Richard Guy Briggs wrote:
> Add audit container identifier auxiliary record(s) to NETFILTER_PKT
> event standalone records. Iterate through all potential audit container
> identifiers associated with a network namespace.
>
> Signed-off-by: Richard Guy Briggs
> Ack
On Wed, Sep 18, 2019 at 9:26 PM Richard Guy Briggs wrote:
> fixup! audit: convert to contid list to check for orch/engine ownership
>
> Require the target task to be a descendant of the container
> orchestrator/engine.
>
> You would only change the audit container ID from one set or inherited
>
On Wed, Sep 18, 2019 at 9:25 PM Richard Guy Briggs wrote:
> Add audit container identifier support to the action of signalling the
> audit daemon.
>
> Since this would need to add an element to the audit_sig_info struct,
> a new record type AUDIT_SIGNAL_INFO2 was created with a new
> audit_sig_inf
On Wed, Sep 18, 2019 at 9:24 PM Richard Guy Briggs wrote:
> Since we are tracking the life of each audit container identifier, we
> can match the creation event with the destruction event. Log the
> destruction of the audit container identifier when the last process in
> that container exits.
>
On Fri, Sep 27, 2019 at 8:52 AM Neil Horman wrote:
> On Wed, Sep 18, 2019 at 09:22:23PM -0400, Richard Guy Briggs wrote:
> > Set an arbitrary limit on the number of audit container identifiers to
> > limit abuse.
> >
> > Signed-off-by: Richard Guy Briggs
> > ---
> > kernel/audit.c | 8
>
On Wed, Sep 18, 2019 at 9:24 PM Richard Guy Briggs wrote:
> Store the audit container identifier in a refcounted kernel object that
> is added to the master list of audit container identifiers. This will
> allow multiple container orchestrators/engines to work on the same
> machine without danger