On Thu, Aug 18, 2016 at 1:56 AM, Richard Guy Briggs <rgb@xxxxxxxxxx> wrote: > On 2016-08-17 16:58, Paul Moore wrote: >> However, as far as I can see, the biggest problem with this patch is >> that it adds a field in the middle of a record which will likely cause >> the audit userspace tools to explode (or so I've been warned in the >> past). Steve, what say you about the userspace? > > Adding fields in the middle isn't necessarily a problem if it doesn't > confuse the existing scanner, which can skip over fields about which it > does not care. I've carefully added fields in the middle in the past, > trying my best to group it logically with the rest of the information as > has been requested, I think: subject, action, object, result. I've ranted about this before so I won't do it again here, but ultimately the problem is that the guidance for userspace applications/libraries has been that you can expect certain fields in specific locations. -- paul moore www.paul-moore.com _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
