lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20171228120539.GA13368@ewexler>
Date:   Thu, 28 Dec 2017 14:05:39 +0200
From:   Elad Wexler <elad.wexler@...il.com>
To:     netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
        zbr@...emap.net
Subject: [RFC] Supporting namespaces in the connector driver

Hi,

I have spent some time looking at the cn_proc monitor capabilities
which use the connector driver for monitoring processes.

Currently the cn_proc (and all other modules which are using the connector)
only works on the main init_user_ns namespace.
If I am working inside a docker container (as an example), I won't be able to monitor process
creation, for example fork()/exec() etc ...

Of course I will be able to monitor any process from the host namespace (init_user_ns)
but I would like also to be able to monitor the processes that belong to the same
docker container, (belong to the same namespace)

I wonder if there is a plan to add pernet support for the connector?
If you think it there is a good reason to add that? (I can provide a few patches that do that)

I will be happy to work on to add a support for that, and actually I have started to
do some modification to make it works. and still testing it.

Thanks

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ