Using the kernel's audit.h
Timothy R. Chavez
chavezt at gmail.com
Fri Mar 4 19:24:08 UTC 2005
Hello,
Mounir brought to my attention that audit-0.6.5 now uses the kernel's
audit.h -- This is going to be a problem, currently and could be a
potential problem in the future. I thought using kernel space headers
in user space programs was generally discouraged.
Currently, the auditfs piece uses kernel-specific structures. If
using the kernel's audit.h is the way we're going to do it, though,
I'll attempt to hide my stuff with __KERNEL__, but I have a feeling
that using this macro is going to annoy people. Then again, the audit
subsystem requires user space tools for it to be useful and this may
be permissible and less annoying.
Later, someone could add functionality to the audit subsystem without
changing old functionality and break the user space tools. These
types of changes should not affect the user space tools, but if they
use kernel-specific structures without __KERNEL__, the audit tools
will not be compilable. Of course we're hoping for someone to review
the patch and know that user space tools do use the kernel header
file....
Anyway, just voicing this concern. I'd personally prefer just keeping
a copy of the header file in userspace for userspace.
--
- Timothy R. Chavez
More information about the Linux-audit
mailing list