mirror of
https://github.com/linuxkit/linuxkit.git
synced 2025-11-04 05:46:41 +00:00
44cbd38650
Two things to note here: we unfortunately can't just exec audit, because something needs to load the rules in beforehand. Second, it also dies if it can't re-nice itself, so we have to give it CAP_SYS_NICE as well as the audit caps. I didn't add this to the default linuxkit.yml because the linuxkit/audit repo doesn't exist yet, but we should probably (?) do that. Additionally, we should provide the kernel parameter audit=1, otherwise according to auditd's man pages, we can't audit some early tasks. Closes #52 Signed-off-by: Tycho Andersen <tycho@docker.com>
6 lines
106 B
Bash
Executable File
6 lines
106 B
Bash
Executable File
#!/bin/sh
|
|
|
|
# load the audit rules into the kernel
|
|
auditctl -R /etc/audit/audit.rules
|
|
exec /sbin/auditd -f
|