[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20130619204927.GJ3212@redhat.com>
Date: Wed, 19 Jun 2013 16:49:27 -0400
From: Aristeu Rozanski <aris@...hat.com>
To: Gao feng <gaofeng@...fujitsu.com>
Cc: containers@...ts.linux-foundation.org, linux-audit@...hat.com,
linux-kernel@...r.kernel.org, serge.hallyn@...ntu.com,
eparis@...hat.com, ebiederm@...ssion.com,
matthltc@...ux.vnet.ibm.com, sgrubb@...hat.com
Subject: Re: [Part1 PATCH 00/22] Add namespace support for audit
On Wed, Jun 19, 2013 at 09:53:32AM +0800, Gao feng wrote:
> This patchset is first part of namespace support for audit.
> in this patchset, the mainly resources of audit system have
> been isolated. the audit filter, rules havn't been isolated
> now. It will be implemented in Part2. We finished the isolation
> of user audit message in this patchset.
>
> I choose to assign audit to the user namespace.
> Right now,there are six kinds of namespaces, such as
> net, mount, ipc, pid, uts and user. the first five
> namespaces have special usage. the audit isn't suitable to
> belong to these five namespaces, And since the flag of system
> call clone is in short supply, we can't provide a new flag such
> as CLONE_NEWAUDIT to enable audit namespace separately. so the
> user namespace may be the best choice.
I thought it was said on the last submission that to tie userns and
audit namespace would be a bad idea?
--
Aristeu
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists