[PATCH, RFC] Add expression support to libauparse
Miloslav Trmac
mitr at redhat.com
Fri Feb 29 19:00:56 UTC 2008
Hello,
this patch extends libauparse to support arbitrary boolean expressions
and searching for record type ranges.
It seems best to define expression syntax and add a single
ausearch_add_expression() call, rather than build the expression from
atomic subexpressions. The defined syntax could be shared by all tools
that link to libauparse, and programs would be able to run (and display
meaningful error messages, as opposed to crashing when a relocation can
not be resloved) even if the installed libauparse version does not
support the used filter.
Attached is a description of the expression syntax. Please check
whether the design is reasonably future-proof. A nicer alternative to
using three different sets of comparison operators would be welcome.
Mirek
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ausearch-expression.txt
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20080229/b6629011/attachment.txt>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: audit-expressions.patch
Type: text/x-patch
Size: 73478 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20080229/b6629011/attachment.bin>
More information about the Linux-audit
mailing list