[PATCH] Audit filter rule operators (2/2)
Dustin Kirkland
dustin.kirkland at us.ibm.com
Mon Oct 24 16:25:57 UTC 2005
On Mon, 2005-10-24 at 11:13 -0500, Timothy R. Chavez wrote:
> On Friday 21 October 2005 18:24, Dustin Kirkland wrote:
> > + case AUDIT_EQUAL:
> > + default:
> > + rc = (left == right);
> > + break;
> > + }
>
> Do we really want to default undefined operations to AUDIT_EQUAL. I'd expect an error.
It's needed for backward compatibility, I think. Older versions of
audit userspace will not have the notion of these new operators. In
those cases, the "=" is implied, and negated by AUDIT_NEGATE. Thus, I
think we need to assume that if none of the comparators are flagged,
then it's legacy audit userspace support, in which case we assume "=".
Is that unreasonable?
:-Dustin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20051024/e90757ec/attachment.sig>
More information about the Linux-audit
mailing list