audit 1.7.18 and auparse_feed_has_data
Lev Stipakov
lstipakov at gmail.com
Mon Feb 1 11:48:42 UTC 2016
Hi,
I have a Debian 7.9 which includes libaudit-devel-1.7.18. That version
does not have auparse_feed_has_data(). Its implementation looks simple,
however it uses au_lo, which is declared as static in auparse.c and
therefore cannot be accessed outside of that file.
I took auparse_feed_has_data() usage from audisp-example.c
tv.tv_sec = 5;
tv.tv_usec = 0;
FD_ZERO(&read_mask);
FD_SET(0, &read_mask);
if (auparse_feed_has_data(au))
retval= select(1, &read_mask, NULL, NULL, &tv);
else
retval= select(1, &read_mask, NULL, NULL, NULL);
I noticed that old version of example plugin doesn't have
auparse_feed_has_data() or select() calls
(https://github.com/gdestuynder/audit-cef/blob/master/contrib/plugin/audisp-example.c#L104)
What is the purpose of select/auparse_feed_has_data? Is it some kind of
optimization or bug fix? Since I have to support Debian 7 and probably
have to stick to audit 1.7 headers, is it safe to use the "old way"?
-Lev
More information about the Linux-audit
mailing list