Published on December 8, 2016 by TheLinuxFoundation

Current State of Kernel Audit and Linux Namespaces, Looking Ahead to Containers – Richard Guy Briggs, Red Hat

Namespaces have been around since the mount namespace was introduced over a decade ago, and audit was introduced a couple of years later.

Since then, audit's relationship with namespaces has evolved: it was first restricted entirely to the initial PID and user namespaces for reporting-integrity reasons, and has since started to loosen up again, first listening in all network namespaces, then permitting user audit message writes from any PID namespace.

Looking forward, audit will need to run in containers, possibly for distributions, but more likely for docker micro-services to meet new certification requirements. Anchoring the audit daemon in the user namespace with its own rulespace and queue looks to make the most sense. Since the kernel has no concept of containers, identifying namespaces in audit messages will equip tracking tools to follow process events in containers.
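As an added example (not part of the talk and not kernel or audit project code), here is what a tracking tool has to do today to follow process events in containers: because the kernel emits no namespace identifiers in audit records, the tool must resolve them itself from /proc/<pid>/ns/* while the process still exists, and group events by user-namespace inode. The SYSCALL record lines and the pid-to-namespace table are constructed sample data; the "unknown" bucket captures the race that including namespace ids in the messages would remove.

```python
import os
import re
from collections import defaultdict
# Constructed audit SYSCALL records (not real logs): two execs in one container, one in another.
SAMPLE_RECORDS = [
    'type=SYSCALL msg=audit(1481155200.001:101): arch=c000003e syscall=59 success=yes exit=0 pid=4201 ppid=4100 auid=1000 uid=0 comm="sh" exe="/bin/sh" key="exec"',
    'type=SYSCALL msg=audit(1481155200.002:102): arch=c000003e syscall=59 success=yes exit=0 pid=4202 ppid=4201 auid=1000 uid=0 comm="curl" exe="/usr/bin/curl" key="exec"',
    'type=SYSCALL msg=audit(1481155200.003:103): arch=c000003e syscall=59 success=yes exit=0 pid=5301 ppid=5300 auid=1000 uid=0 comm="sh" exe="/bin/sh" key="exec"',
]
# Constructed stand-in for the /proc/<pid>/ns/{user,pid} inode numbers seen on the host.
SAMPLE_NS = {
    4201: {"user": "4026532201", "pid": "4026532204"},
    4202: {"user": "4026532201", "pid": "4026532204"},
    5301: {"user": "4026532301", "pid": "4026532304"},
}

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_record(line):
    """Split one key=value audit record into a dict, stripping quotes."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}

def live_ns_ids(pid, proc_root="/proc"):
    """Resolve namespace inodes for a live pid from /proc; {} if it has already exited."""
    ids = {}
    for ns in ("user", "pid"):
        try:
            link = os.readlink(f"{proc_root}/{pid}/ns/{ns}")  # looks like 'user:[4026531837]'
            ids[ns] = link[link.index("[") + 1 : link.index("]")]
        except OSError:
            pass
    return ids

def group_by_container(lines, ns_lookup=live_ns_ids):
    """Tag each SYSCALL record with its user/pid namespace inodes and bucket by user namespace.
    Records whose pid can no longer be resolved land under 'unknown' rather than being dropped."""
    groups = defaultdict(list)
    for line in lines:
        rec = parse_record(line)
        if rec.get("type") != "SYSCALL" or "pid" not in rec:
            continue
        ids = ns_lookup(int(rec["pid"]))
        rec["user_ns"] = ids.get("user", "unknown")
        rec["pid_ns"] = ids.get("pid", "unknown")
        groups[rec["user_ns"]].append(rec)
    return dict(groups)
```

Run offline with `group_by_container(SAMPLE_RECORDS, lambda pid: SAMPLE_NS.get(pid, {}))`; on a live host the default `live_ns_ids` lookup reads /proc directly, and any short-lived process that exited before the lookup lands in "unknown".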

About Richard Guy Briggs

Richard was an early adopter of Linux, having used it since 1992. He was also a founding board member of the Ottawa Canada Linux Users Group and a speaker at the inaugural Ottawa Linux Symposium. Richard has written UNIX and Linux device drivers for telecom, video and network applications and embedded devices, and has a good knowledge of IPsec protocols. He is comfortable in C, bash and Perl, with a soldering iron or oscilloscope, and at a podium or chalkboard. He is now a Red Hat kernel security engineer.
