On Thu, Jun 9, 2016 at 7:31 AM, Steve Grubb <sgrubb@xxxxxxxxxx> wrote: > On Wednesday, June 08, 2016 10:05:01 PM Deepa Dinamani wrote: >> Audit timestamps are recorded in string format into >> an audit buffer for a given context. >> These mark the entry timestamps for the syscalls. >> Use y2038 safe struct timespec64 to represent the times. >> The log strings can handle this transition as strings can >> hold upto 1024 characters. > > Have you tested this with ausearch or any audit utilities? As an aside, a time > stamp that is up to 1024 characters long is terribly wasteful considering how > many events we get. /* AUDIT_BUFSIZ is the size of the temporary buffer used for formatting * audit records. Since printk uses a 1024 byte buffer, this buffer * should be at least that large. */ #define AUDIT_BUFSIZ 1024 The commit text is pointing out that the reserve space ensured in each call to audit_log_vformat is already much more than is needed by this call from audit_log_start. Also, since struct timespec64 is already the same as struct timespec on 64-bit systems, there is really no functional change except on 32-bit machines. Let me know if you want me to try it out on a 32-bit system. -Deepa -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
