Bug 976536

Summary: Have kernel audit listen in all network namespaces
Product: [Fedora] Fedora
Component: kernel
Version: rawhide
Reporter: Eric Paris <eparis>
Assignee: Richard Guy Briggs <rbriggs>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: gansalmon, itamar, jonathan, kernel-maint, madhu.chinakonda
Status: CLOSED UPSTREAM
Severity: unspecified
Priority: unspecified
Keywords: FutureFeature
Hardware: Unspecified
OS: Unspecified
Doc Type: Enhancement
Type: Bug
Last Closed: 2014-04-29 14:09:57 UTC

Description Eric Paris 2013-06-20 18:25:58 UTC
The kernel audit code only creates a socket in the initial network namespace.  It should listen and accept data from any network namespace.

Comment 1 Richard Guy Briggs 2013-07-10 15:32:24 UTC
Started on it 2013-07-05.

eparis suggested starting with register_pernet_subsys().

A test case:
- run clone() or unshare() with CLONE_NEWNET flag
- run: ip netns add TESTNET; ip netns exec TESTNET bash; auditctl -s
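The first variant of the test case in Comment 1, as an added C example that is not part of the bug report or the upstream patch: it calls unshare() with CLONE_NEWNET and then sends the same AUDIT_GET status request that `auditctl -s` issues. The names `build_audit_get`, `probe_new_netns` and the `PROBE_*` results are hypothetical; the example assumes Linux with the kernel UAPI headers installed.

```c
#define _GNU_SOURCE
#include <sched.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>
#include <linux/netlink.h>
#include <linux/audit.h>

/* Hypothetical result codes for this example. */
enum probe { PROBE_REPLIED, PROBE_NO_LISTENER, PROBE_SKIPPED };

/* Build the header-only AUDIT_GET status request; returns its length. */
static size_t build_audit_get(struct nlmsghdr *nlh, unsigned int seq)
{
    *nlh = (struct nlmsghdr){ .nlmsg_len = NLMSG_LENGTH(0), .nlmsg_type = AUDIT_GET,
                              .nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK, .nlmsg_seq = seq };
    return nlh->nlmsg_len;
}

/* Enter a fresh network namespace, then ask kernel audit for its status. */
static enum probe probe_new_netns(void)
{
    struct sockaddr_nl kernel = { .nl_family = AF_NETLINK };  /* nl_pid 0 = kernel */
    struct timeval tmo = { .tv_sec = 2 };                     /* never block forever */
    struct nlmsghdr req;
    char reply[8192];
    enum probe res = PROBE_NO_LISTENER;
    int fd;

    if (unshare(CLONE_NEWNET) != 0)          /* needs CAP_SYS_ADMIN */
        return PROBE_SKIPPED;
    fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_AUDIT);
    if (fd < 0)
        return PROBE_SKIPPED;
    setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tmo, sizeof(tmo));
    size_t len = build_audit_get(&req, 1);
    /* Any reply, even an NLMSG_ERROR ack, means a kernel audit socket exists here. */
    if (sendto(fd, &req, len, 0, (struct sockaddr *)&kernel, sizeof(kernel)) >= 0 &&
        recv(fd, reply, sizeof(reply), 0) > 0)
        res = PROBE_REPLIED;
    close(fd);
    return res;
}

int main(void)
{
    static const char *const msg[] = { "audit replied", "no audit listener", "skipped" };
    return puts(msg[probe_new_netns()]) < 0;
}
```

Run it as root; "skipped" means the namespace or the socket could not be created, so nothing was tested.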

Comment 2 Richard Guy Briggs 2013-07-16 22:09:57 UTC
Posted patch upstream to linux-audit, lkml:
https://www.redhat.com/archives/linux-audit/2013-July/msg00027.html
https://lkml.org/lkml/2013/7/16/526

Comment 3 Fedora End Of Life 2013-09-16 16:44:12 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 20 development cycle.
Changing version to '20'.

More information and reason for this action is here:
https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora20