Date: Wed, 10 Jan 2018 01:54:45 -0500
From: Richard Guy Briggs
To: "Eric W. Biederman"
Cc: cgroups@vger.kernel.org, Linux Containers, Linux API, Linux Audit, Linux FS Devel, Linux Kernel, Linux Network Development, Simo Sorce, Carlos O'Donell, Aristeu Rozanski, David Howells, Eric Paris, Daniel Walsh, jlayton@redhat.com, Andy Lutomirski, mszeredi@redhat.com, Paul Moore, "Serge E. Hallyn", Steve Grubb, trondmy@primarydata.com, Al Viro, Madz Car
Subject: Re: RFC(V3): Audit Kernel Container IDs
Message-ID: <20180110065445.d2i4uuwnf44gvbl5@madcap2.tricolour.ca>
References: <20180109121620.wi7dq2423ugsraqv@madcap2.tricolour.ca> <87k1wqcykw.fsf@xmission.com>
In-Reply-To: <87k1wqcykw.fsf@xmission.com>
List-ID: linux-kernel@vger.kernel.org

On 2018-01-09 19:05, Eric W. Biederman wrote:
> Please let's have a description of the problem you are trying to solve.

I thought the first sentence of the second paragraph summed it up rather
well. Here are the elaborated motivations:

- Filter unwanted, irrelevant or unimportant messages before they fill
  the queue so important messages don't get lost. This is a certification
  requirement.
- Make security claims about containers, which requires tracking of
  actions within those containers to ensure compliance with established
  security policies.
- Route messages from events to the local audit daemon instance or the
  host audit daemon instance.
- Tried nsIDs, but they are insufficient for efficient filtering, routing
  and tracking.

> A proposed solution without talking about the problem space is useless.
> Any proposed solution could potentially work.
>
> I know these exist. There is motivation for your work.
> What is the motivation?
> What problem are you trying to solve?
>
> In particular what information are you trying to get into logs that you
> can not get into the logs today?
>
> I am going to try to give this the attention it deserves but right now I
> am having to deal with half thought out patches for information leaks
> from speculative code paths, so I won't be able to give this much
> attention for a little bit.
>
> Eric

- RGB

--
Richard Guy Briggs
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635