Thursday, August 25 • 11:45 - 12:30
Current State of Kernel Audit and Linux Namespaces, Looking Ahead to Containers - Richard Guy Briggs, Red Hat


Namespaces have been around since the mount namespace was introduced over a decade ago; audit was introduced a couple of years later.

Since then, audit's relationship with namespaces has evolved: at first everything was restricted to the initial PID and user namespaces for reporting-integrity reasons, but things have since started to loosen up again, first by listening in all network namespaces, then by permitting user audit message writes from any PID namespace.

Looking forward, audit will need to run in containers, possibly for distributions, but more likely for Docker micro-services to meet new certification requirements. Anchoring the audit daemon in the user namespace, with its own rule space and queue, looks to make the most sense. Since the kernel has no concept of containers, identifying namespaces in audit messages will equip tracking tools to follow process events in containers.


Richard Guy Briggs

Senior Software Engineer, Red Hat
Richard was an early adopter of Linux, having used it since 1992. He was also a founding board member of the Ottawa Canada Linux Users Group and a speaker at the inaugural Ottawa Linux Symposium. Richard has written UNIX and Linux device drivers for telecom, video and network applications...

Thursday August 25, 2016 11:45 - 12:30 EDT
Harbour C