In order to track configuration and other operations on jails via jail_get(2), jail_set(2), and so on, we should extend struct prison with a UUID. It is not clear whether this UUID should be dropped into each kernel audit record or not.
(@arun: would it be beneficial from a CDM perspective to provide a UUID for the jail, if any, in the subject field of each audit record...? Currently we provide the thread and process UUIDs.)