[PATCH] new audit rule interface
Timothy R. Chavez
tinytim at us.ibm.com
Thu Jan 5 18:05:53 UTC 2006
On Thursday 05 January 2006 10:43, Dustin Kirkland wrote:
> On 12/21/05, Amy Griffis <amy.griffis at hp.com> wrote:
> > diff --git a/include/linux/audit.h b/include/linux/audit.h
> > index 79d8271..b5da475 100644
> > --- a/include/linux/audit.h
> > +++ b/include/linux/audit.h
> > @@ -226,6 +229,26 @@ struct audit_status {
> > __u32 backlog; /* messages waiting in queue
> */
> > };
> >
> > +/* audit_rule_xprt supports filter rules with both integer and string
> > + * fields. It corresponds with AUDIT_ADD_RULE, AUDIT_DEL_RULE and
> > + * AUDIT_LIST_RULES requests.
> > + */
> > +struct audit_rule_xprt {
>
> This is really just a nit, but I think we might be more clear with the
> name of the structure. I thought 'xprt' was "expert" or "export" until
> Amy explained to me on IRC that it actually stands for "transport". Not
> a big deal, but it might make it more readable to call it
> audit_rule_transport or audit_rule_wbuf or audit_rule_varlen, or
> something else.
>
> :-Dustin
>
I like audit_rule_transport, personally. It's descriptive and not too
verbose.
-tim
More information about the Linux-audit
mailing list