[PATCH V5 0/5] audit by executable name
Eric Paris
eparis at redhat.com
Tue Oct 21 22:19:52 UTC 2014
On Tue, 2014-10-21 at 17:56 -0400, Paul Moore wrote:
> * Change the audit_status.version field comment in include/uapi/linux/audit.h
> to "/* audit functionality bitmap */", or similar. We can't really change the
> structure now, but the comment is fair game.
Trying to think how to do things with a #define so you can rename,
"version" is pretty darn generic to pre-process. You could make it a
union, so userspace code and use a sane name....
>
> * Change AUDIT_VERSION_LATEST to a bitmask instead of a number. For example,
> it should be 3 given the current code, not 2. In a perfect world this
> wouldn't even be in the uapi header, but it is so we need to keep it updated.
> Bumping it higher should be backwards compatible.
Getting 1 without 2 is actually hard to accompish as I remember, but
yes, you're right, i missed that. I should be 3....
> Can anyone think of anything else that might be affected by this?
No one uses this stuff, just change it.
More information about the Linux-audit
mailing list