Skip to content

RFE: test for audit container ID functionality #64

@rgbriggs

Description

@rgbriggs

Test for kernel audit container id functionality:

  • prohibit unsetting
  • prohibit self-setting
  • prohibit setting again
  • prohibit without CAP_AUDIT_CONTROL
  • verify AUDIT_CONTAINER record
  • verify auditctl containerid filter
  • verify kernel AUDIT_CONTAINERID filter functionality
  • verify AUDIT_CONTAINER_INFO record

See: linux-audit/audit-kernel#32
See: linux-audit/audit-kernel#90
See: linux-audit/audit-kernel#91
See: linux-audit/audit-kernel#92
See: linux-audit/audit-userspace#40
See: https://github.com/linux-audit/audit-kernel/wiki/RFE-Audit-Container-ID

Metadata

Metadata

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions