From: Paul Moore
Date: Wed, 29 May 2019 09:14:44 -0400
Subject: Re: [PATCH ghak90 V6 00/10] audit: implement container identifier
To: Richard Guy Briggs, Steve Grubb
Cc: Dan Walsh, Neil Horman, containers@lists.linux-foundation.org, linux-api@vger.kernel.org, Linux-Audit Mailing List, linux-fsdevel@vger.kernel.org, LKML, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, omosnace@redhat.com, dhowells@redhat.com, simo@redhat.com, Eric Paris, Serge Hallyn, ebiederm@xmission.com, Mrunal Patel

On Tue, May 28, 2019 at 8:44 PM Richard Guy Briggs wrote:
> On 2019-05-28 19:00, Steve Grubb wrote:
> > On Tuesday, May 28, 2019 6:26:47 PM EDT Paul Moore wrote:
> > > On Tue, May 28, 2019 at 5:54 PM Daniel Walsh wrote:

...

> > > > Mrunal Patel (maintainer of CRI-O) and I have reviewed the API, and
> > > > believe this is something we can work on in the container runtimes team
> > > > to implement the container auditing code in CRI-O and Podman.
> > >
> > > Thanks Dan. If I pulled this into a branch and built you some test
> > > kernels to play with, any idea how long it might take to get a proof
> > > of concept working on the cri-o side?
> >
> > We'd need to merge user space patches and let them use that instead of the
> > raw interface. I'm not going to merge user space until we are pretty sure the
> > patch is going into the kernel.
>
> I have an f29 test rpm of the userspace bits if that helps for testing:
> http://people.redhat.com/~rbriggs/ghak90/git-1db7e21/
>
> Here's what it contains (minus the last patch):
> https://github.com/linux-audit/audit-userspace/compare/master...rgbriggs:ghau40-containerid-filter.v7.0

Yes, exactly. Just as I plan to start making some test kernels for
people to play with (assuming v6 looks okay), I think it would be good
if Steve could make a test build of the latest audit userspace with
the audit container ID patches. It really shouldn't be that hard, and
the benefits should far outweigh any time spent generating the
tree/builds.

-- 
paul moore
www.paul-moore.com