RFE: test for audit container ID functionality

Test for kernel audit container id functionality:

- prohibit unsetting
- prohibit self-setting
- prohibit setting again
- prohibit without CAP_AUDIT_CONTROL
- verify AUDIT_CONTAINER record
- verify auditctl containerid filter
- verify kernel AUDIT_CONTAINERID filter functionality
- verify AUDIT_CONTAINER_INFO record

See: https://github.com/linux-audit/audit-kernel/issues/32
See: https://github.com/linux-audit/audit-kernel/issues/90
See: https://github.com/linux-audit/audit-kernel/issues/91
See: https://github.com/linux-audit/audit-kernel/issues/92
See: https://github.com/linux-audit/audit-userspace/issues/40
See: https://github.com/linux-audit/audit-kernel/wiki/RFE-Audit-Container-ID

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

RFE: test for audit container ID functionality #64

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

RFE: test for audit container ID functionality #64

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions