Kernel audit output is inconsistent, hard to parse
Casey Schaufler
casey at schaufler-ca.com
Thu Jan 31 22:43:32 UTC 2008
--- Paul Moore <paul.moore at hp.com> wrote:
> On Thursday 31 January 2008 4:21:37 pm Steve Grubb wrote:
> > On Thursday 31 January 2008 16:11:38 Linda Knippers wrote:
> > > At one time we talked about converting to a binary record format.
> >
> > At this point, I want things stable. I've spent the last 3 years working on
> > the foundation to the audit system and we need to focus higher up the stack
> > for a while. There's all kinds of neat things we can do if we don't keep
> > reworking the bottom layer. :)
>
> ... Neat things like building castles on the sand? ;)
>
> (Sorry, couldn't resist!)
There's also the conversion from SELinux interfaces to LSM interfaces
that I'll be revisiting before long. Always a pain to have to do
something like that during a rewrite.
Casey Schaufler
casey at schaufler-ca.com
More information about the Linux-audit
mailing list