[PATCH] Fix acct quoting in audit_log_acct_message())
Steve Grubb
sgrubb at redhat.com
Tue Mar 4 20:52:20 UTC 2008
On Tuesday 04 March 2008 15:43:23 Eric Paris wrote:
> > > If there's no agreement with them, should we change anything?
> > > auparse is working pretty good as is.
> >
> > No it's not. The auparse approach is based on tables, tables which have
> > been shown to be incorrect and tied to kernel versions and the patch set
> > used to build that kernel version.
>
> Can you show some example of which kernels had one thing and which
> kernels another?
Some of his examples was the directory auditing code that Al wrote. In the
user space side of it, I hadn't gotten the interpretation of the fields
working because it took a long time for it to come back downstream in Fedora
and by the time we had it I forgot to go check it. It wasn't like there was a
field that changed meaning, just a normal integration issue when 2 subsystems
have different delivery schedules. :)
-Steve
More information about the Linux-audit
mailing list