New operators for rules
Steve Grubb
sgrubb at redhat.com
Thu Oct 6 19:47:23 UTC 2005
On Thursday 06 October 2005 08:39, Amy Griffis wrote:
> > We have to do this in a way that is backward compatible for old
> > kernels.
>
> Where is this requirement coming from?
If you are using fedora 4 and upgrade your kernel, you expect everything to
keep working.
> > Any ideas? Any preferred bit patterns?
>
> If this had been included as part of the original design, older
> kernels would have been masking out a set of bits for operator flags,
> instead of just a single bit. Since that isn't the case, I don't see
> any way to make it backward compatible other than requiring user-space
> tools to be aware of the kernel version and send the appropriate bits.
Sure, its simple to do. If the next set of bits have something in it, use it,
otherwise use the old one. This means 000 is backwards compatible. 101 could
be mapped to range.
> How about introducing this feature in a 2.0 release?
2.0 of what? We are presumably working on kernel 2.6.1x.
-Steve
More information about the Linux-audit
mailing list