[PATCH v4 0/3] Send audit/procinfo/cgroup data in socket-level control message
Jan Kaluža
jkaluza at redhat.com
Thu Jan 16 09:29:51 UTC 2014
On 01/16/2014 12:23 AM, Tejun Heo wrote:
> On Wed, Jan 15, 2014 at 06:21:43PM -0500, Eric Paris wrote:
>> Reliably being able to audit what process requested an action is
>> extremely useful. And I like the audit patch, as it is a couple of ints
>> we are storing.
>>
>> procinfo and cgroup can both be up to 4k of data.
>>
>> Is there an alternative he should consider? Some way to grab a
>> reference on task_struct and just attach that to the message?
>
> Or maybe it can be made separately optional instead of tagging along
> on an existing option so that it doesn't tax use cases which don't
> care about the new stuff?
Right, I could add new option next to SOCK_PASSCRED which could be used
to send newly added stuff. Would this be acceptable?
I would still vote for SCM_AUDIT to be part of SOCK_PASSCRED and move
SCM_CGROUP and SCM_PROCINFO into new option.
> Thanks.
>
Regards,
Jan Kaluza
More information about the Containers
mailing list