August 27 - 28 - Vancouver, BC, Canada
Monday, August 27 • 2:10pm - 2:50pm
Linux Audit: Moving Beyond Kernel Namespaces to Audit Container IDs - Richard Guy Briggs, Red Hat

Audit will need to run in containers, possibly for distributions, but more likely for docker micro-services to meet new certification requirements. Since the kernel has no concept of containers, identifying the container involved in audit messages will equip tracking tools to follow process events in containers.

Namespaces were the primary focus of my container audit presentation two years ago in Toronto. Feedback and further work made it clear that no one namespace or subset could be depended on to be part of a container, so another approach was needed to track container activity.

Several design proposals and several patchsets have been posted aimed at providing a method of tracking container activity by audit. Allowing multiple audit daemons, each with its own rule space and queue along with a system-wide audit message routing configuration is the current plan.

Richard Guy Briggs

Senior Software Engineer, Red Hat
Richard was an early adopter of Linux, having used it since 1992. He was also a founding board member of Ottawa Canada Linux Users Group and a speaker at the inaugural Ottawa Linux Symposium. Richard has written UNIX and Linux device drivers for telecom, video and network applications...

Monday August 27, 2018 2:10pm - 2:50pm PDT
Room 301