[PATCH] IPC_SET_PERM cleanup

Klaus Weidner klaus at atsec.com
Wed May 10 16:29:02 UTC 2006


On Wed, May 10, 2006 at 10:02:31AM -0400, Steve Grubb wrote:
> On Tuesday 09 May 2006 16:46, Linda Knippers wrote:
> > > The original patches by Dustin and Linda had used "new_iuid=501" to
> > > differentiate the values, which I personally think was fine since it's
> > > unlikely that people want to be searching for those.
> >
> > And if they do, they're easy to find with an ausearch | grep.
> 
> This is at the wrong level. There may be people that are writing programs that 
> want any ouid. I want to stop the proliferation of field names and follow a 
> convention. Forget whether or not you think people will ever want the 
> information. We need a convention and then to follow it.

Yes - but "new ouid" is also a different field name from "ouid", and
unnecessarily hard to parse, especially since there's currently no
well-defined concept of name modifiers like "new".

> > > If you absolutely want to avoid adding new tag names, an alternative
> > > would be to get rid of the "new " modifiers, and use the "type=" name to
> > > differentiate them. 
> 
> I don't want a proliferation of type names either. I think we have a lot of 
> them and should try to use existing ones where possible.

A list of existing record types would be useful. In this case, it's a
legitimate difference between "current object attributes" and "requested
new object attributes" sub-records that need to be distinct for the
syscall event, so using different types sounds appropriate.

-Klaus
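
The parsing problem discussed above, as an added example that is not part of the original message or of the audit code: a naive name=value parser run over constructed records in the three naming styles from the thread. The record contents, the values 500/501 and the helper names are assumptions made for illustration.

```python
# Constructed sample records (not real kernel output); only the field
# naming differs between the three styles discussed in the thread.
SPACE_STYLE = "type=IPC_SET_PERM ouid=500 new ouid=501"
UNDERSCORE_STYLE = "type=IPC_SET_PERM ouid=500 new_iuid=501"
TYPE_STYLE = [
    "type=IPC ouid=500",           # current object attributes
    "type=IPC_SET_PERM ouid=501",  # requested new object attributes
]


def parse_record(line):
    """Naive name=value parser: split on whitespace, then on the first '='.

    Returns (fields, stray, clobbered): the parsed dict, tokens without '=',
    and names that appeared more than once (the later value wins).
    """
    fields, stray, clobbered = {}, [], []
    for token in line.split():
        name, sep, value = token.partition("=")
        if not sep:
            stray.append(token)      # e.g. the bare modifier "new"
            continue
        if name in fields:
            clobbered.append(name)   # earlier value is silently lost
        fields[name] = value
    return fields, stray, clobbered


def find_values(records, name, record_type=None):
    """Collect every value of `name`, optionally restricted to one record type."""
    hits = []
    for line in records:
        fields, _, _ = parse_record(line)
        if name in fields and record_type in (None, fields.get("type")):
            hits.append(fields[name])
    return hits


if __name__ == "__main__":
    for label, line in (("space", SPACE_STYLE), ("underscore", UNDERSCORE_STYLE)):
        print(label, parse_record(line))
    print("any ouid:", find_values(TYPE_STYLE, "ouid"))
    print("requested ouid:", find_values(TYPE_STYLE, "ouid", "IPC_SET_PERM"))
```

With the space-separated modifier the current ouid is overwritten and "new" is left as a stray token; with per-type records a tool can ask for any ouid or only the requested one using a single field name.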