On Thursday, May 17, 2018 5:41:02 PM EDT Richard Guy Briggs wrote:
> On 2018-05-17 17:09, Steve Grubb wrote:
> > On Fri, 16 Mar 2018 05:00:30 -0400
> >
> > Richard Guy Briggs wrote:
> > > Create a new audit record AUDIT_CONTAINER_INFO to document the
> > > container ID of a process if it is prese
On 2018-05-17 17:09, Steve Grubb wrote:
> On Fri, 16 Mar 2018 05:00:30 -0400
> Richard Guy Briggs wrote:
>
> > Create a new audit record AUDIT_CONTAINER_INFO to document the
> > container ID of a process if it is present.
>
> As mentioned in a previous email, I think AUDIT_CONTAINER is more
> su
On Fri, 16 Mar 2018 05:00:30 -0400
Richard Guy Briggs wrote:
> Create a new audit record AUDIT_CONTAINER_INFO to document the
> container ID of a process if it is present.
As mentioned in a previous email, I think AUDIT_CONTAINER is more
suitable for the container record. One more comment below.
Create a new audit record AUDIT_CONTAINER_INFO to document the container
ID of a process if it is present.
Called from audit_log_exit(), syscalls are covered.
A sample raw event:
type=SYSCALL msg=audit(1519924845.499:257): arch=c03e syscall=257
success=yes exit=3 a0=ff9c a1=56374e1cef30
4 matches
Mail list logo
