From: Paul Moore
Date: Thu, 10 Oct 2019 20:40:36 -0400
Subject: Re: [PATCH ghak90 V7 16/21] audit: add support for contid set/get by netlink
To: Richard Guy Briggs
Cc: containers@lists.linux-foundation.org, linux-api@vger.kernel.org,
    Linux-Audit Mailing List, linux-fsdevel@vger.kernel.org, LKML,
    netdev@vger.kernel.org, netfilter-devel@vger.kernel.org,
    sgrubb@redhat.com, omosnace@redhat.com, dhowells@redhat.com,
    simo@redhat.com, Eric Paris, Serge Hallyn, ebiederm@xmission.com,
    nhorman@tuxdriver.com, Dan Walsh, mpatel@redhat.com

On Wed, Sep 18, 2019 at 9:26 PM Richard Guy Briggs wrote:
> Add the ability to get and set the audit container identifier using an
> audit netlink message using message types AUDIT_SET_CONTID 1023 and
> AUDIT_GET_CONTID 1022 in addition to using the proc filesystem.  The
> message format includes the data structure:
>
>         struct audit_contid_status {
>                pid_t   pid;
>                u64     id;
>         };
>
> Signed-off-by: Richard Guy Briggs
> ---
>  include/uapi/linux/audit.h |  2 ++
>  kernel/audit.c             | 40 ++++++++++++++++++++++++++++++++++++++++
>  kernel/audit.h             |  5 +++++
>  3 files changed, 47 insertions(+)

I'm not a fan of having multiple interfaces to do one thing if it can
be avoided.  Presumably the argument for the netlink API is the
container folks don't want to have to mount /proc inside containers
which are going to host nested orchestrators?  Can you reasonably run
a fully fledged orchestrator without a valid /proc?

-- 
paul moore
www.paul-moore.com
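
The message format described in the quoted patch, framed and validated in user space. This is an added example, not part of the original message or of the patch. It assumes fixed-width stand-ins for pid_t and u64, and the names nl_hdr, NL_F_REQUEST, contid_build_set and contid_parse are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Message type numbers as given in the quoted patch description. */
#define AUDIT_GET_CONTID 1022
#define AUDIT_SET_CONTID 1023
#define NL_F_REQUEST 0x01u            /* same value as NLM_F_REQUEST */

/* Local mirror of the 16-byte struct nlmsghdr so the example builds anywhere. */
struct nl_hdr { uint32_t len; uint16_t type, flags; uint32_t seq, pid; };

/* Payload from the description; int32_t/uint64_t stand in for pid_t/u64 (assumption). */
struct audit_contid_status { int32_t pid; uint64_t id; };

/* Build a SET request. Returns bytes written, or 0 if buf is too small. */
size_t contid_build_set(uint8_t *buf, size_t cap, uint32_t seq, int32_t pid, uint64_t id)
{
    size_t total = sizeof(struct nl_hdr) + sizeof(struct audit_contid_status);
    struct nl_hdr h = { (uint32_t)total, AUDIT_SET_CONTID, NL_F_REQUEST, seq, 0 };

    if (cap < total)
        return 0;
    memset(buf, 0, total);            /* any hole between pid and id is zero on the wire */
    memcpy(buf, &h, sizeof h);        /* nl_hdr itself has no padding: 4+2+2+4+4 */
    uint8_t *p = buf + sizeof h;      /* fields are written one by one at their offsets */
    memcpy(p + offsetof(struct audit_contid_status, pid), &pid, sizeof pid);
    memcpy(p + offsetof(struct audit_contid_status, id), &id, sizeof id);
    return total;
}

/* Validate and decode one message. Returns 0 on success, -1 on malformed input. */
int contid_parse(const uint8_t *buf, size_t n, uint16_t *type,
                 struct audit_contid_status *out)
{
    struct nl_hdr h;

    if (n < sizeof h)
        return -1;
    memcpy(&h, buf, sizeof h);
    if (h.len < sizeof h || h.len > n)        /* length field must fit the buffer */
        return -1;
    if (h.type != AUDIT_GET_CONTID && h.type != AUDIT_SET_CONTID)
        return -1;
    if (h.len - sizeof h != sizeof *out)      /* accept the exact payload size only */
        return -1;
    memcpy(out, buf + sizeof h, sizeof *out);
    *type = h.type;
    return 0;
}
```

On ABIs where u64 is 8-byte aligned the structure carries a 4-byte hole after pid, so its size differs between 32-bit and 64-bit callers; the builder zeroes the whole buffer so that hole never carries stale bytes.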