[RFC][PATCH 3/3] (#7U1) file system auditing
Timothy R. Chavez
tinytim at us.ibm.com
Sat Apr 23 00:35:18 UTC 2005
On Friday 22 April 2005 15:19, Stephen Smalley wrote:
> On Thu, 2005-04-21 at 22:59 +0000, Timothy R. Chavez wrote:
> > Hello,
> >
> > This is the updated user space patch against audit-0.6.10. There should
> > be a patch out for audit-0.6.12 by tommorrow.
>
> You changed a #include <linux/audit.h> to #include
> </usr/include/linux/audit.h> in lib/libaudit.h, which breaks building
> unless your /usr/include/linux happens to refer to the patched kernel
> tree, right? Not to mention being a bad idea anyway. If I revert that
> particular change and do the usual manual creation of linux/audit.h as a
> symlink to the patched kernel's include/linux/audit.h, then it seems to
> build ok for me.
Cool. Sorry about that.
>
> Is the userspace interface "stable" now (i.e. will you at least preserve
> backward compatibility for any future changes), so we can stop
> rebuilding auditctl and auditd for each new kernel patch?
Yep. I know it's been a bit annoying, but I think both the kernel and user
space pieces, feature-wise, are pretty complete. Perhaps we might want to,
at some point, add a "delete all watches" feature in the user space tool (I
think this is better done in the kernel, but...) -- what does everyone think?
-tim
More information about the Linux-audit
mailing list