The kernel audit code only creates a socket in the initial network namespace. It should listen and accept data from any network namespace.
Started on it 2013-07-05.
eparis suggested starting with register_pernet_subsys().
A test case:
- run clone() or unshare() with CLONE_NEWNET flag
- run: ip netns add TESTNET; ip netns exec TESTNET bash; auditctl -s
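A small C reproducer for the test case above, added here as an example (it is not from the bug report or the posted patch). It sends the AUDIT_GET request that `auditctl -s` issues, first from the initial network namespace and then after `unshare(CLONE_NEWNET)`. The function names are made up for this example, and it assumes it is run as root (CAP_SYS_ADMIN and CAP_AUDIT_CONTROL).

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#include <linux/audit.h>
#include <linux/netlink.h>

/* Fill in an empty AUDIT_GET request (hypothetical helper for this example). */
static void build_audit_get(struct nlmsghdr *nlh, unsigned int seq)
{
    memset(nlh, 0, sizeof(*nlh));
    nlh->nlmsg_len = NLMSG_LENGTH(0);            /* header only, no payload */
    nlh->nlmsg_type = AUDIT_GET;
    nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
    nlh->nlmsg_seq = seq;
}

/* Send AUDIT_GET to the kernel from the current network namespace.
 * Returns 0 if the kernel answered, otherwise the errno of the failing step. */
static int audit_status_probe(void)
{
    struct sockaddr_nl kernel = { .nl_family = AF_NETLINK }; /* nl_pid 0 = kernel */
    struct nlmsghdr req;
    char reply[8192];
    int err = 0;
    int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_AUDIT);
    if (fd < 0)
        return errno;
    build_audit_get(&req, 1);
    if (sendto(fd, &req, req.nlmsg_len, 0,
               (struct sockaddr *)&kernel, sizeof(kernel)) < 0)
        err = errno;
    else if (recv(fd, reply, sizeof(reply), 0) < 0)
        err = errno;
    close(fd);
    return err;
}

int main(void)
{
    int rc = audit_status_probe();
    printf("initial netns: %s\n", rc ? strerror(rc) : "kernel replied");
    if (unshare(CLONE_NEWNET) < 0) { perror("unshare(CLONE_NEWNET)"); return 1; }
    rc = audit_status_probe();
    printf("new netns:     %s\n", rc ? strerror(rc) : "kernel replied");
    return 0;
}
```

On a kernel with this bug the first probe gets an answer and the second reports an error; once audit listens in every network namespace, both should be answered.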
Posted patch upstream to linux-audit, lkml:
This bug appears to have been reported against 'rawhide' during the Fedora 20 development cycle.
Changing version to '20'.
More information and reason for this action is here: