Re: [PATCH v32 24/28] Audit: Add framework for auxiliary records

On Thu, Mar 3, 2022 at 5:33 PM Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
> On 3/3/2022 2:27 PM, Paul Moore wrote:
> > On Wed, Mar 2, 2022 at 5:32 PM Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
> >> On 2/2/2022 3:53 PM, Casey Schaufler wrote:
> >>> Add a list for auxiliary record data to the audit_buffer structure.
> >>> Add the audit_stamp information to the audit_buffer as there's no
> >>> guarantee that there will be an audit_context containing the stamp
> >>> associated with the event. At audit_log_end() time create auxiliary
> >>> records (none are currently defined) as have been added to the list.
> >>>
> >>> Signed-off-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
> >> I'm really hoping for either Acks or feedback on this approach.
> > The only callers that make use of this functionality in this patchset
> > are in kernel/audit*.c in patches 25/28 and 26/28, yes?
>
> Yes.

Thanks.  I just wanted to make sure you weren't planning on any
additional callers in a future revision.  I understand that things may
change, but I just wanted to make sure there wasn't already something
pending.

> I think that the container ID record could use it as well.
> I haven't looked deeply, but it should be usable for any aux record type.

Possibly, but I'm intentionally trying to keep that separated at this
stage as the ordering is uncertain.  If/when both bits of
functionality land we can reconcile things as needed; it's all
internal implementation details so we don't have to worry too much
about changing it later.

-- 
paul-moore.com


