New operators for rules
Timothy R. Chavez
tinytim at us.ibm.com
Thu Oct 6 20:23:30 UTC 2005
On Thursday 06 October 2005 14:47, Steve Grubb wrote:
> On Thursday 06 October 2005 08:39, Amy Griffis wrote:
> > > We have to do this in a way that is backward compatible for old
> > > kernels.
> >
> > Where is this requirement coming from?
>
> If you are using fedora 4 and upgrade your kernel, you expect everything to
> keep working.
>
> > > Any ideas? Any preferred bit patterns?
> >
> > If this had been included as part of the original design, older
> > kernels would have been masking out a set of bits for operator flags,
> > instead of just a single bit. Since that isn't the case, I don't see
> > any way to make it backward compatible other than requiring user-space
> > tools to be aware of the kernel version and send the appropriate bits.
>
> Sure, its simple to do. If the next set of bits have something in it, use it,
> otherwise use the old one. This means 000 is backwards compatible. 101 could
> be mapped to range.
>
> > How about introducing this feature in a 2.0 release?
>
> 2.0 of what? We are presumably working on kernel 2.6.1x.
>
> -Steve
>
audit-2.0?
-tim
More information about the Linux-audit
mailing list