[Patch]Fix the error in the output of "auditctl -s" when auditd is stoped
Steve Grubb
sgrubb at redhat.com
Thu Aug 7 13:54:30 UTC 2008
On Thursday 07 August 2008 09:39:37 Eric Paris wrote:
> > When auditd is stoped, "auditctl -s" will show "pid=0". I think it's
> > not correct information. It's better to tell users "auditd not started".
>
> We do try to keep the whole key=value pair thing in audit records.
This is for the display when you type auditctl -s and doesn't have anything to
do with audit records.
> I'd be willing to go with something like -1 to make it really clear, but
> with the number of complaints about the inconsistencies of audit records
> from people like John Dennis I'm not sure I'm a fan of this patch....
I don't think that's an issue since this is not in the records. My only
concern is what this might do to our test suites. For the moment, I'm just
trying to finish off what we will have in RHEL5 without changes to API that
might cause any regressions in the test suites.
Around the time that Fedora 11 work starts, I'd like to start making changes
to clean things up and have new ideas. That time is coming soon...but not
yet.
-Steve
More information about the Linux-audit
mailing list