Bug 1266307
Summary: | Capture information about the remote user connecting over socket in /run/docker | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Subhendu Ghosh <sghosh> |
Component: | docker | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED ERRATA | QA Contact: | atomic-bugs <atomic-bugs> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 7.1 | CC: | ajia, dwalsh, ghelleks, lsm5, lsu, nalin |
Target Milestone: | rc | Keywords: | Extras |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-05-12 15:16:19 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1265409, 1332016 | ||
Bug Blocks: | 1303656 |
Description
Subhendu Ghosh
2015-09-25 02:40:14 UTC
docker-1.9 will have logging and auditing of docker administrator/user actions, separate from the actions inside of the container.

Fixed in docker-1.9

Works now per the steps from comment#4 in docker-1.9.1-39.el7.x86_64. The logs are a little bit long, so I put them at the end just for reference.

type=VIRT_CONTROL msg=audit(1462289859.652:17030): pid=18410 uid=0 auid=0 ses=2110 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='user=? auid=? exe=? hostname=? reason=api op=create vm=? vm-pid=? exe="/usr/bin/docker-current" hostname=? addr=? terminal=pts/0 res=success'
type=VIRT_CONTROL msg=audit(1462289859.656:17031): pid=18410 uid=0 auid=0 ses=2110 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=create vm=? vm-pid=? user=? auid=? exe=? hostname=? reason=api exe="/usr/bin/docker-current" hostname=? addr=? terminal=pts/0 res=success'
type=VIRT_CONTROL msg=audit(1462289863.817:17032): pid=18410 uid=0 auid=0 ses=2110 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='user=? auid=? exe=? hostname=? reason=api op=create vm=? vm-pid=? exe="/usr/bin/docker-current" hostname=? addr=? terminal=pts/0 res=success'
type=VIRT_CONTROL msg=audit(1462289866.277:17033): pid=18410 uid=0 auid=0 ses=2110 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='reason=api op=attach vm=busybox vm-pid=0 user=? auid=? exe=echo hostname=1331d87c1dc9 exe="/usr/bin/docker-current" hostname=? addr=? terminal=pts/0 res=success'
type=VIRT_CONTROL msg=audit(1462289866.281:17034): pid=18410 uid=0 auid=0 ses=2110 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='reason=api op=start vm=busybox vm-pid=0 user=? auid=? exe=echo hostname=1331d87c1dc9 exe="/usr/bin/docker-current" hostname=? addr=? terminal=pts/0 res=success'
type=ANOM_PROMISCUOUS msg=audit(1462289866.405:17035): dev=veth8439621 prom=256 old_prom=0 auid=0 uid=0 gid=0 ses=2110
type=SYSCALL msg=audit(1462289866.405:17035): arch=c000003e syscall=44 success=yes exit=40 a0=12 a1=c208be9200 a2=28 a3=0 items=0 ppid=17335 pid=18419 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2110 comm="docker-current" exe="/usr/bin/docker-current" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
type=NETFILTER_CFG msg=audit(1462289866.772:17036): table=filter family=2 entries=0
type=NETFILTER_CFG msg=audit(1462289866.772:17036): table=raw family=2 entries=0
type=NETFILTER_CFG msg=audit(1462289866.772:17036): table=security family=2 entries=0
type=NETFILTER_CFG msg=audit(1462289866.772:17036): table=mangle family=2 entries=0
type=NETFILTER_CFG msg=audit(1462289866.772:17036): table=nat family=2 entries=0
type=NETFILTER_CFG msg=audit(1462289866.772:17036): table=filter family=10 entries=0
type=NETFILTER_CFG msg=audit(1462289866.772:17036): table=raw family=10 entries=0
type=NETFILTER_CFG msg=audit(1462289866.772:17036): table=security family=10 entries=0
type=NETFILTER_CFG msg=audit(1462289866.772:17036): table=mangle family=10 entries=0
type=NETFILTER_CFG msg=audit(1462289866.772:17036): table=nat family=10 entries=0
type=SYSCALL msg=audit(1462289866.772:17036): arch=c000003e syscall=56 success=yes exit=18514 a0=6c020011 a1=0 a2=0 a3=0 items=0 ppid=17335 pid=18419 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2110 comm="docker-current" exe="/usr/bin/docker-current" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
type=VIRT_CONTROL msg=audit(1462289866.975:17037): pid=18410 uid=0 auid=0 ses=2110 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='user=? auid=? exe=echo hostname=1331d87c1dc9 reason=api op=resize vm=busybox vm-pid=18514 exe="/usr/bin/docker-current" hostname=? addr=? terminal=pts/0 res=success'
type=ANOM_PROMISCUOUS msg=audit(1462289867.395:17038): dev=veth8439621 prom=0 old_prom=256 auid=0 uid=0 gid=0 ses=2110
type=SYSCALL msg=audit(1462289867.395:17038): arch=c000003e syscall=44 success=yes exit=32 a0=14 a1=c208cd69a0 a2=20 a3=0 items=0 ppid=17335 pid=18419 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2110 comm="docker-current" exe="/usr/bin/docker-current" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-1034.html
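An added example, not part of this report or of docker: a parser for the VIRT_CONTROL records in the log above that lists the API operations whose caller fields are still `?`. It assumes the `user=` and `auid=` keys inside `msg='...'` describe the API caller, while the outer `pid/uid/auid` describe the process that sent the record; the `alice` record is constructed.

```python
import re

# Records 17030 and 17033 and the NETFILTER_CFG line are copied from the log in
# this report; the 'alice' record is constructed to show populated caller fields.
PREFIX = "pid=18410 uid=0 auid=0 ses=2110 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023"
TAIL = ' exe="/usr/bin/docker-current" hostname=? addr=? terminal=pts/0 res=success'
SAMPLE = [
    f"type=VIRT_CONTROL msg=audit(1462289859.652:17030): {PREFIX} msg='user=? auid=? exe=? hostname=? reason=api op=create vm=? vm-pid=?{TAIL}'",
    f"type=VIRT_CONTROL msg=audit(1462289866.277:17033): {PREFIX} msg='reason=api op=attach vm=busybox vm-pid=0 user=? auid=? exe=echo hostname=1331d87c1dc9{TAIL}'",
    f"type=VIRT_CONTROL msg=audit(1462289900.000:1): {PREFIX} msg='reason=api op=start vm=busybox vm-pid=0 user=alice auid=1000 exe=echo hostname=1331d87c1dc9{TAIL}'",
    "type=NETFILTER_CFG msg=audit(1462289866.772:17036): table=filter family=2 entries=0",
]

RECORD_RE = re.compile(
    r"type=(?P<type>\S+) msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): "
    r"(?P<outer>.*?) msg='(?P<inner>.*)'$")
PAIR_RE = re.compile(r'(\w[\w-]*)=("[^"]*"|\S+)')

def parse_virt_control(line):
    """Split one VIRT_CONTROL record into outer fields and inner msg fields."""
    m = RECORD_RE.match(line.strip())
    if not m or m.group("type") != "VIRT_CONTROL":
        return None
    outer = dict(PAIR_RE.findall(m.group("outer")))
    inner = {}
    # Keys repeat inside msg (exe, hostname) and their order differs between
    # records in the log above, so keep every value per key, in order.
    for key, value in PAIR_RE.findall(m.group("inner")):
        inner.setdefault(key, []).append(value.strip('"'))
    return {"serial": int(m.group("serial")), "outer": outer, "inner": inner}

def unattributed_ops(lines):
    """Return (serial, op, container) for API calls with no caller identity."""
    hits = []
    for line in lines:
        rec = parse_virt_control(line)
        if rec is None:
            continue
        f = rec["inner"]
        caller = {f.get("user", ["?"])[0], f.get("auid", ["?"])[0]}
        if caller == {"?"}:  # both unknown: the action cannot be tied to a user
            hits.append((rec["serial"], f.get("op", ["?"])[0], f.get("vm", ["?"])[0]))
    return hits

if __name__ == "__main__":
    for hit in unattributed_ops(SAMPLE):
        print(hit)
```
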