Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp6322673ybi;
        Wed, 29 May 2019 06:16:41 -0700 (PDT)
X-Google-Smtp-Source: APXvYqyGRVR7r6FaY9N5FUkRrFduDTWs41XT6rd2Ac4NDgTo3iZD60e1d0RYMF9fGlKTyP3htQp8
X-Received: by 2002:a65:5344:: with SMTP id w4mr50883985pgr.8.1559135801061;
        Wed, 29 May 2019 06:16:41 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1559135801; cv=none;
        d=google.com; s=arc-20160816;
        b=IetauC4tzOqXPm/dpVtPb2hyHfiVCk74PWr4h388vU0U6JWThNkC1khlUsbTCBeiij
         xXUL21DXN/WCySuRI6TCJC8CDaN2NDXSJzcaxPDd0PQuwwGleg6/MeygDrr/IUXW5rp1
         ZR8G4mWzO69BeQoHGP9ZAjMjuS26KbiufT1CKIZMx4NjKR+RjG0qwqzIf6+31b0HCouq
         SpwoyeRCboCopKYVT4JtVaAkFyqbHOG3IcKxpzpAV2TuhovTP6x1711Zj6fTNa2hKwWu
         zwIA74OzQKxwdb+vnUHyaR5ymA9jbBrxxskBr6riSE9+fJWwxcBFL7j0CrMHKs+KU656
         VTYg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature;
        bh=zo8/tL88lhYZ8ZmjXhe5I0ivQ63AMHIIXfJiG0SngrI=;
        b=DHjBa5X3Y9XUsfFXrwQhlGE+mUfFIeSBvVqsuwZq29XHen6Nr4ZqLdVsju7pSm6bIX
         DbX1ajS5hVFpZaZg/LWtlXrJ7zykvYszEssPm4Utm6aTx2Lg7FHxoseHjvTtXxOxFcCX
         Z8yqBS3Ojh6vOaJaftLXOXRYWCHv0fVIRz0s9cjGDzh4H6Vl/4UnRSBlyP0zbh+qsx1N
         thxEjr/QImTGO7tKc/YEWpSW4brdJVauWRRh2uo32PbkP71k4BlgwgQ2Vdd4kI+kZPGc
         lf/8kDHlMk3UK99lFzq1vriRHXEBuY2I4u/HnsaWFiQTBd/LmjyqjKXDlxtBsCmuHvZx
         VXxg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=WcqJPV36;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id bc7si25218445plb.108.2019.05.29.06.16.21;
        Wed, 29 May 2019 06:16:41 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=WcqJPV36;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727126AbfE2NO5 (ORCPT <rfc822;learnos2017@gmail.com>
        + 99 others); Wed, 29 May 2019 09:14:57 -0400
Received: from mail-lf1-f67.google.com ([209.85.167.67]:34210 "EHLO
        mail-lf1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1727066AbfE2NO4 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 29 May 2019 09:14:56 -0400
Received: by mail-lf1-f67.google.com with SMTP id v18so2048640lfi.1
        for <linux-kernel@vger.kernel.org>; Wed, 29 May 2019 06:14:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=paul-moore-com.20150623.gappssmtp.com; s=20150623;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=zo8/tL88lhYZ8ZmjXhe5I0ivQ63AMHIIXfJiG0SngrI=;
        b=WcqJPV36GoYCJyCKWssunS/8jjCOcm7506dwRBLhvYgsNR0UdI2bR6S+PaChd3NF+e
         P+/GUrP8I1gxdIuXwHh6CxrPM6FsQK897PtueXW2sc688u6UEVtahdPaDHpbLdURczG/
         exuh5TP/Fn7NuWWJubwb5BOU06YIqB0/o8baMnCRHH/ihY5uaT1si7LXcC8p9MWXL18d
         oOzuzN3xy5AjXeHWyQmqeSM1pM2ZeR9RQEvA5xn86EDD7CpzITSwgBRLK8NSiZHIhZG2
         4dGKz3NjhIgq/QlLySTSs2ZLnXWGPjQaDD2AF5PW0kac6rHkp3GF9xtJmzZ2Gi7XnFzZ
         e6Cw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=zo8/tL88lhYZ8ZmjXhe5I0ivQ63AMHIIXfJiG0SngrI=;
        b=Ls6ULa/ri8kfVTHTQeu35CEzIVd34hD852uw4wTejDWI+bep3+hE+/afynH23jRTJ4
         CfYtQWYcGSSdXHGwsq67ri/An2vIgAhPKeUEQEruyRRqqLUK4aUVVYZt1pT+dmxdoqkj
         dgWQtU0WXnnKrZQ9REPxeoUpLdLyYBbTZZWW+fM3HiWud4t5PEbpmblpv8o1O/2llNBG
         Uh+JNmu2qzKkCNoJw+9k7iN7cWXZAtf8eysap5LXEsvsYFhxRybDnS8RE9BriGooTaDE
         CJbfgdCjrwX6pJAdqJmhU+Ehz8QxnJHvQRfbcx0QbXSPxPLH3h5NkSxnnIHq2XAEhXQG
         VyXw==
X-Gm-Message-State: APjAAAWCxAgsBnDB1tIWdtBqGUCu2Xdhg3+Nowwg9jauW0Skq21sLaiE
        wThnMUZsuaxhUDs1h7Q6lQFAkNEw6Y7BRwFIsBZN
X-Received: by 2002:ac2:4358:: with SMTP id o24mr5608001lfl.13.1559135695377;
 Wed, 29 May 2019 06:14:55 -0700 (PDT)
MIME-Version: 1.0
References: <cover.1554732921.git.rgb@redhat.com> <509ea6b0-1ac8-b809-98c2-37c34dd98ca3@redhat.com>
 <CAHC9VhRW9f6GbhvvfifbOzd9p=PgdB2gq1E7tACcaqvfb85Y8A@mail.gmail.com>
 <3299293.RYyUlNkVNy@x2> <20190529004352.vvicec7nnk6pvkwt@madcap2.tricolour.ca>
In-Reply-To: <20190529004352.vvicec7nnk6pvkwt@madcap2.tricolour.ca>
From:   Paul Moore <paul@paul-moore.com>
Date:   Wed, 29 May 2019 09:14:44 -0400
Message-ID: <CAHC9VhScO5yfnM2tn=_6OKtuU5P_LukPfmnE06E0hVE-2e++uw@mail.gmail.com>
Subject: Re: [PATCH ghak90 V6 00/10] audit: implement container identifier
To:     Richard Guy Briggs <rgb@redhat.com>,
        Steve Grubb <sgrubb@redhat.com>
Cc:     Dan Walsh <dwalsh@redhat.com>, Neil Horman <nhorman@tuxdriver.com>,
        containers@lists.linux-foundation.org, linux-api@vger.kernel.org,
        Linux-Audit Mailing List <linux-audit@redhat.com>,
        linux-fsdevel@vger.kernel.org, LKML <linux-kernel@vger.kernel.org>,
        netdev@vger.kernel.org, netfilter-devel@vger.kernel.org,
        omosnace@redhat.com, dhowells@redhat.com, simo@redhat.com,
        Eric Paris <eparis@parisplace.org>,
        Serge Hallyn <serge@hallyn.com>, ebiederm@xmission.com,
        Mrunal Patel <mpatel@redhat.com>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, May 28, 2019 at 8:44 PM Richard Guy Briggs <rgb@redhat.com> wrote:
> On 2019-05-28 19:00, Steve Grubb wrote:
> > On Tuesday, May 28, 2019 6:26:47 PM EDT Paul Moore wrote:
> > > On Tue, May 28, 2019 at 5:54 PM Daniel Walsh <dwalsh@redhat.com> wrote:

...

> > > > Mrunal Patel (maintainer of CRI-O) and I have reviewed the API, and
> > > > believe this is something we can work on in the container runtimes team
> > > > to implement the container auditing code in CRI-O and Podman.
> > >
> > > Thanks Dan.  If I pulled this into a branch and built you some test
> > > kernels to play with, any idea how long it might take to get a proof
> > > of concept working on the cri-o side?
> >
> > We'd need to merge user space patches and let them use that instead of the
> > raw interface. I'm not going to merge user space until we are pretty sure the
> > patch is going into the kernel.
>
> I have an f29 test rpm of the userspace bits if that helps for testing:
>         http://people.redhat.com/~rbriggs/ghak90/git-1db7e21/
>
> Here's what it contains (minus the last patch):
>         https://github.com/linux-audit/audit-userspace/compare/master...rgbriggs:ghau40-containerid-filter.v7.0

Yes, exactly.  Just as I plan to start making some test kernels for
people to play with (assuming v6 looks okay), I think it would be good
if Steve could make a test build of the latest audit userspace with
the audit container ID patches.  It really shouldn't be that hard, and
the benefits should far outweigh any time spent generating the
tree/builds.

-- 
paul moore
www.paul-moore.com