[PATCH V5 0/5] audit by executable name
Eric Paris
eparis at redhat.com
Wed Oct 29 23:59:09 UTC 2014
On Wed, 2014-10-29 at 17:54 -0400, Richard Guy Briggs wrote:
> On 14/10/29, Steve Grubb wrote:
> > On Wednesday, October 29, 2014 03:48:40 PM Richard Guy Briggs wrote:
> > > On 14/10/21, Paul Moore wrote:
> > > > > > Can anyone think of anything else that might be affected by this?
> > > > >
> > > > > No one uses this stuff, just change it.
> > > >
> > > > Yes, but I feel like I need to at least ask the question; how much
> > > > attention I pay to the answers is something else ...
> > >
> > > I'm still skeptical this won't blow up... Like the capabilities bitmap
> > > did. I suspect there isn't agreement on what constitutes a feature.
> >
> > Anything major that user space would have to know about to determine if its
> > supported. If you don't know, just ask if we need to add a bit to the bitmap.
> > Some examples, adding the object comparison engine, adding the loginuid-
> > immutable feature, if we added filtering on TTY that would also qualify (not
> > asking for that). Otherwise, user space get EINVAL on the netlink operation
> > which is not useful in explaining why the command was rejected.
>
> Well, I guess this falls under Linus' "thou shalt not break userspace",
> but it would certainly be tempting to change some of those to
> EOPNOTSUPP.
You only break userspace if something breaks :)
More information about the Linux-audit
mailing list