Linux Audit: Moving Beyond Kernel Namespaces to Audit Container IDs

Explore the evolution of Linux Audit for container environments in this conference talk by Richard Guy Briggs from Red Hat. Learn about the challenges of auditing containers, the limitations of kernel namespaces, and proposed solutions for tracking container activity. Discover the latest developments in container auditing, including multiple audit daemons with separate rule spaces and message routing configurations. Gain insights into the complexities of container identification, nested containers, and log aggregation. Understand the importance of container auditing for meeting certification requirements and enhancing security in microservices architectures.

Introduction
Who am I
What are Containers
Whats the problem
History
Network namespace
Access controls
Audit container identifier
Network namespace issues
Conclusion
Contact Information
Nested Containers
Overheads
Other Developers
PTags
Log Aggregation