linux-audit / audit-kernel

GitHub mirror of the Linux Kernel's audit repository
https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git

RFE: add network namespace ID to NETFILTER_CFG records #98

Closed rgbriggs closed 5 years ago

rgbriggs commented 5 years ago

Seemingly duplicate records are not actually exact duplicates that are caused by netfilter table configuration changes in different network namespaces from the same syscall. Add the network namespace ID (proc inode with dev) to the record to make this obvious.

See: https://github.com/linux-audit/audit-kernel/issues/25
See: https://github.com/linux-audit/audit-kernel/issues/35
See: https://github.com/linux-audit/audit-kernel/issues/43
See: https://github.com/linux-audit/audit-kernel/issues/44

rgbriggs commented 5 years ago

Oops, duplicate, see: https://github.com/linux-audit/audit-kernel/issues/79
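
For log triage on systems whose NETFILTER_CFG records carry no namespace identifier, this added example (not part of the issue thread or the kernel project's code) flags records inside one audit event that are identical in every field, which is the ambiguity the request describes. The sample lines are constructed and assume a record body made of `table=`, `family=` and `entries=` fields; the function name is hypothetical.

```python
import re
from collections import Counter

# Constructed sample: one event (serial 310) holds two NETFILTER_CFG records
# that cannot be told apart, plus unrelated records that must not be flagged.
SAMPLE_LOG = """\
type=NETFILTER_CFG msg=audit(1500000000.100:310): table=filter family=2 entries=4
type=NETFILTER_CFG msg=audit(1500000000.100:310): table=filter family=2 entries=4
type=NETFILTER_CFG msg=audit(1500000000.100:310): table=nat family=2 entries=5
type=SYSCALL msg=audit(1500000000.100:310): arch=c000003e syscall=54 success=yes exit=0
type=NETFILTER_CFG msg=audit(1500000007.250:311): table=filter family=10 entries=4
"""

RECORD_RE = re.compile(
    r"^type=(?P<type>\S+) msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): (?P<body>.*)$"
)


def ambiguous_netfilter_cfg(log_text):
    """Return (timestamp, serial, fields, count) for every group of
    NETFILTER_CFG records that share an audit event and every field value."""
    seen = Counter()
    for line in log_text.splitlines():
        m = RECORD_RE.match(line.strip())
        if not m or m["type"] != "NETFILTER_CFG":
            continue
        # key=value pairs of the record body, order-independent
        fields = tuple(sorted(
            tuple(kv.split("=", 1)) for kv in m["body"].split() if "=" in kv
        ))
        seen[(m["ts"], int(m["serial"]), fields)] += 1
    # A count above 1 means the log alone cannot say whether the event wrote
    # the same record twice or changed the same table in different namespaces.
    return [
        (ts, serial, dict(fields), count)
        for (ts, serial, fields), count in seen.items()
        if count > 1
    ]


if __name__ == "__main__":
    for ts, serial, fields, count in ambiguous_netfilter_cfg(SAMPLE_LOG):
        print(f"event {ts}:{serial}: {count} indistinguishable records {fields}")
```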