Hello.
I suggest a new feature for audit.
When a user changes policy or resource via command line, no log remains.
I found logs about hbm through journald on CentOS but there is no log about hbm resource change history.
I think that only Authz logs are available under the current architecture.
When I run hbm resource ls, it directly call a function.
As I know, all commands of docker go through REST api to execute as below.
- Run
docker command via cli.
- Internally call REST API through unix sock, for example
/run/docker.sock.
- Execute the proper command.
If HBM has the same architecture as docker, all logs are available.
What do you think of implementing REST api to change policy or resources?
Surely I know this change needs big stuff.
Always thanks.
Hello.
I suggest a new feature for audit.
When a user changes policy or resource via command line, no log remains.
I found logs about
hbmthroughjournaldon CentOS but there is no log abouthbmresource change history.I think that only
Authzlogs are available under the current architecture.When I run
hbm resource ls, it directly call a function.As I know, all commands of
dockergo through REST api to execute as below.dockercommand via cli./run/docker.sock.If
HBMhas the same architecture asdocker, all logs are available.What do you think of implementing REST api to change policy or resources?
Surely I know this change needs big stuff.
Always thanks.