Log:namespaces per task

Richard Guy Briggs rgb at redhat.com
Fri Apr 29 02:19:51 UTC 2016


On 16/04/26, Deepika Sundar wrote:

[re-adding the list]

> https://www.redhat.com/archives/linux-audit/2015-April/msg00031.html
> In the above link it is mentioned that cloned action for the initial
> creation has the pid=481,is this a pid seen in namespace or the global
> one?Please clarify me.

This is always the initial PID namespace in the audit logs for now,
which are with respect to the initial PID namespace.

The kernel knows from which namespace a request is made and if it were
possible to have a process in a non-initial PID namespace query the
kernel, it would get back an answer relative to that namespace.  That is
not currently possible.

> -Deepika

- RGB

--
Richard Guy Briggs <rgb at redhat.com>
Kernel Security Engineering, Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635




More information about the Linux-audit mailing list