Date: Fri, 2 Feb 2018 19:57:21 -0600
From: "Serge E. Hallyn"
To: Paul Moore
Cc: Richard Guy Briggs, cgroups@vger.kernel.org, Linux Containers, Linux API, Linux Audit, Linux FS Devel, Linux Kernel, Linux Network Development, mszeredi@redhat.com, Andy Lutomirski, jlayton@redhat.com, Carlos O'Donell, Al Viro, David Howells, Simo Sorce, trondmy@primarydata.com, Eric Paris, "Serge E. Hallyn", "Eric W. Biederman"
Subject: Re: RFC(V3): Audit Kernel Container IDs
Message-ID: <20180203015721.GB27295@mail.hallyn.com>
References: <20180109121620.wi7dq2423ugsraqv@madcap2.tricolour.ca>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Feb 02, 2018 at 05:05:22PM -0500, Paul Moore wrote:
> On Tue, Jan 9, 2018 at 7:16 AM, Richard Guy Briggs wrote:
> > Containers are a userspace concept.  The kernel knows nothing of them.
> >
> > The Linux audit system needs a way to be able to track the container
> > provenance of events and actions.  Audit needs the kernel's help to do
> > this.
>
> Two small comments below, but I tend to think we are at a point where
> you can start cobbling together some prototype/RFC patches.  Surely

Agreed.  LGTM.

> there are going to be a few changes, and new comments, that come out
> once we see an initial implementation so let's see what those are.

thanks,
-serge