Thursday, August 25 • 11:45 - 12:30
Current State of Kernel Audit and Linux Namespaces, Looking Ahead to Containers - Richard Guy Briggs, Red Hat

Namespaces have been around since the mount namespace was introduced over a decade ago, and audit was introduced a couple of years later.

Since then, audit's relationship with namespaces has evolved. Everything was first restricted to the initial PID and user namespaces for reasons of reporting integrity, and then things started to loosen up again: first by listening in all network namespaces, then by permitting user audit message writes from any PID namespace.

Looking forward, audit will need to run in containers, possibly for distributions, but more likely for Docker micro-services to meet new certification requirements. Anchoring the audit daemon in the user namespace with its own rulespace and queue looks to make the most sense. Since the kernel has no concept of containers, identifying namespaces in audit messages will equip tracking tools to follow process events in containers.

Speakers
Richard Guy Briggs

Senior Software Engineer, Red Hat
Richard was an early adopter of Linux, having used it since 1992. He was also a founding board member of Ottawa Canada Linux Users Group and a speaker at the inaugural Ottawa Linux Symposium. Richard has written UNIX and Linux device drivers for telecom, video and network applications and embedded devices, having a good knowledge of IPsec protocols. He is comfortable in C, bash, Perl, with a soldering iron, oscilloscope, at a podium or...


Thursday August 25, 2016 11:45 - 12:30
Harbour C
