Re: patch suggested by rgb for fixing auditd logs for clone syscall shows exit code as container namespace pid of child process instead of host namespace

2018-01-10 Thread Paul Moore
On Mon, Jan 8, 2018 at 7:53 AM, Richard Guy Briggs wrote: > On 2018-01-05 13:07, Steve Grubb wrote: >> On Friday, January 5, 2018 6:00:01 AM EST madz car wrote: >> > Hi Guys, >> > >> > Please refer to the issue details at GitHub: >> > https://github.com/linux-audit/audit-kernel/issues/68 >> > >>

Re: patch suggested by rgb for fixing auditd logs for clone syscall shows exit code as container namespace pid of child process instead of host namespace

2018-01-09 Thread Richard Guy Briggs
On 2018-01-09 01:01, Richard Guy Briggs wrote: > On 2018-01-08 14:03, Steve Grubb wrote: > > Hello, > > > > On Monday, January 8, 2018 12:49:48 PM EST madz car wrote: > > > Appreciate your response on this issue. However, if you would notice the > > > pid and ppid values in the same log are in the

Re: patch suggested by rgb for fixing auditd logs for clone syscall shows exit code as container namespace pid of child process instead of host namespace

2018-01-08 Thread Richard Guy Briggs
On 2018-01-08 14:03, Steve Grubb wrote: > Hello, > > On Monday, January 8, 2018 12:49:48 PM EST madz car wrote: > > Appreciate your response on this issue. However, if you would notice the > > pid and ppid values in the same log are in the initial namespace, while the > > exit code is in a differen

Re: patch suggested by rgb for fixing auditd logs for clone syscall shows exit code as container namespace pid of child process instead of host namespace

2018-01-08 Thread Steve Grubb
Hello, On Monday, January 8, 2018 12:49:48 PM EST madz car wrote: > Appreciate your response on this issue. However, if you would notice the > pid and ppid values in the same log are in the initial namespace, while the > exit code is in a different namespace. Doesn't this make the audit log > incons

Re: patch suggested by rgb for fixing auditd logs for clone syscall shows exit code as container namespace pid of child process instead of host namespace

2018-01-08 Thread madz car
Rgb/Steve, Appreciate your response on this issue. However, if you would notice the pid and ppid values in the same log are in the initial namespace, while the exit code is in a different namespace. Doesn't this make the audit log inconsistent? How is an application supposed to analyse the logs when

Re: patch suggested by rgb for fixing auditd logs for clone syscall shows exit code as container namespace pid of child process instead of host namespace

2018-01-08 Thread Richard Guy Briggs
On 2018-01-05 13:07, Steve Grubb wrote: > On Friday, January 5, 2018 6:00:01 AM EST madz car wrote: > > Hi Guys, > > > > Please refer to the issue details at GitHub: > > https://github.com/linux-audit/audit-kernel/issues/68 > > > > Here is a patch as suggested by rgb, I can confirm that it works

Re: patch suggested by rgb for fixing auditd logs for clone syscall shows exit code as container namespace pid of child process instead of host namespace

2018-01-05 Thread Steve Grubb
On Friday, January 5, 2018 6:00:01 AM EST madz car wrote: > Hi Guys, > > Please refer to the issue details at GitHub: > https://github.com/linux-audit/audit-kernel/issues/68 > > Here is a patch as suggested by rgb, I can confirm that it works. By hooking this function, doesn't this change the r

patch suggested by rgb for fixing auditd logs for clone syscall shows exit code as container namespace pid of child process instead of host namespace

2018-01-05 Thread madz car
Hi Guys, Please refer to the issue details at GitHub: https://github.com/linux-audit/audit-kernel/issues/68 Here is a patch as suggested by rgb, I can confirm that it works. diff --git a/kernel/auditsc.c b/kernel/auditsc.c index ecc23e2..9a78ecb 100644 --- a/kernel/auditsc.c +++ b/kernel/audit