[PATCH] fix ppid bug in 2.6.18 kernel
Amy Griffis
amy.griffis at hp.com
Mon Aug 28 20:51:27 UTC 2006
Steve Grubb wrote: [Mon Aug 28 2006, 03:22:14PM EDT]
> On Monday 28 August 2006 14:59, Amy Griffis wrote:
> > AUDIT_PPID was recently added, so shouldn't be supported for the
> > legacy structure.
>
> There's no harm in adding it here. Lets old userspace work with new kernels.
>
> > Instead auditctl should use struct audit_rule_data for rules with
> > AUDIT_PPID.
>
> The way that it currently works is that it uses the old structures until it
> decides that it needs the new structures (key, watch, etc). It needs to do
> this so that people can boot into old kernels and issue audit commands. FC5
> includes 2.6.16 kernel and I will be pushing the current audit userspace into
> FC5 when we know that everything works fine for 2.6.18. So, FC5 will have
> users with both kinds of kernels.
>
> I will be removing all the old audit_rule stuff soon so that auditctl uses
> nothing but the new interface. Somewhere around 2.6.20, we should pull all
> the old audit_rule struct stuff from the kernel, too.
Okay, I'm glad to hear it. My concern was not to support the legacy
structure indefinitely.
> But in the mean time, we should support both equally when it makes sense.
>
> -Steve
>
More information about the Linux-audit
mailing list