[PATCH] fix ppid bug in 2.6.18 kernel
Steve Grubb
sgrubb at redhat.com
Mon Aug 28 19:22:14 UTC 2006
On Monday 28 August 2006 14:59, Amy Griffis wrote:
> AUDIT_PPID was recently added, so shouldn't be supported for the
> legacy structure.
There's no harm in adding it here. Lets old userspace work with new kernels.
> Instead auditctl should use struct audit_rule_data for rules with
> AUDIT_PPID.
The way that it currently works is that it uses the old structures until it
decides that it needs the new structures (key, watch, etc). It needs to do
this so that people can boot into old kernels and issue audit commands. FC5
includes 2.6.16 kernel and I will be pushing the current audit userspace into
FC5 when we know that everything works fine for 2.6.18. So, FC5 will have
users with both kinds of kernels.
I will be removing all the old audit_rule stuff soon so that auditctl uses
nothing but the new interface. Somewhere around 2.6.20, we should pull all
the old audit_rule struct stuff from the kernel, too.
But in the mean time, we should support both equally when it makes sense.
-Steve
More information about the Linux-audit
mailing list