Add the network namespace ID to NETFILTER_CFG records to distinguish them from each other.
It was found that some syscalls appeared to have duplicate (and in one case up to 11) NETFILTER_CFG records when in fact they were records produced from different network namespaces during the same call.
This will depend on a general solution to documenting namespace IDs in audit records.
Add the network namespace ID to NETFILTER_CFG records to distinguish them from each other.
It was found that some syscalls appeared to have duplicate (and in one case up to 11) NETFILTER_CFG records when in fact they were records produced from different network namespaces during the same call.
This will depend on a general solution to documenting namespace IDs in audit records.
See: 2nd last point of: https://github.com/linux-audit/audit-kernel/issues/25#issuecomment-301891179 Patch: https://www.redhat.com/archives/linux-audit/2017-May/msg00040.html