On Thu, Mar 3, 2022 at 5:33 PM Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote: > On 3/3/2022 2:27 PM, Paul Moore wrote: > > On Wed, Mar 2, 2022 at 5:32 PM Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote: > >> On 2/2/2022 3:53 PM, Casey Schaufler wrote: > >>> Add a list for auxiliary record data to the audit_buffer structure. > >>> Add the audit_stamp information to the audit_buffer as there's no > >>> guarantee that there will be an audit_context containing the stamp > >>> associated with the event. At audit_log_end() time create auxiliary > >>> records (none are currently defined) as have been added to the list. > >>> > >>> Signed-off-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx> > >> I'm really hoping for either Acks or feedback on this approach. > > The only callers that make use of this functionality in this patchset > > is in kernel/audit*.c in patches 25/28 and 26/28, yes? > > Yes. Thanks. I just wanted to make sure you weren't planning on any additional callers in a future revision. I understand that things may change, but I just wanted to make sure there wasn't already something pending. > I think that the container ID record could use it as well. > I haven't looked deeply, but it should be usable for any aux record type. Possibly, but I'm intentionally trying to keep that separated at this stage as the ordering is uncertain. If/when both bits of functionality land we can reconcile things as needed; it's all internal implementation details so we don't have to worry too much about changing it later. -- paul-moore.com
