[PATCH] new audit rule interface
Amy Griffis
amy.griffis at hp.com
Thu Jan 5 22:19:11 UTC 2006
On Thu, Jan 05, 2006 at 10:43:26AM -0600, Dustin Kirkland wrote:
> On 12/21/05, Amy Griffis <amy.griffis at hp.com> wrote:
> > diff --git a/include/linux/audit.h b/include/linux/audit.h
> > index 79d8271..b5da475 100644
> > --- a/include/linux/audit.h
> > +++ b/include/linux/audit.h
> > @@ -226,6 +229,26 @@ struct audit_status {
> > __u32 backlog; /* messages waiting in queue
> */
> > };
> >
> > +/* audit_rule_xprt supports filter rules with both integer and string
> > + * fields. It corresponds with AUDIT_ADD_RULE, AUDIT_DEL_RULE and
> > + * AUDIT_LIST_RULES requests.
> > + */
> > +struct audit_rule_xprt {
>
> This is really just a nit, but I think we might be more clear with the
> name of the structure. I thought 'xprt' was "expert" or "export" until
> Amy explained to me on IRC that it actually stands for "transport".
> Not a big deal, but it might make it more readable to call it
> audit_rule_transport or audit_rule_wbuf or audit_rule_varlen, or
> something else.
Of the three, I prefer audit_rule_transport, but it seems
unnecessarily long to me. I suppose we could shorten it to
audit_rule_trans, but I'm not sure that's any more readable than
'xprt'.
What do you think about changing the comment to make it more
descriptive? i.e.,
/* audit_rule_xprt is used to transport audit filter rule content
* between kernel and userspace. It supports filter rules with both
* integer and string fields and corresponds with AUDIT_ADD_RULE,
* AUDIT_DEL_RULE and AUDIT_LIST_RULES requests.
*/
Amy
More information about the Linux-audit
mailing list