Performance of libauparse
Matthew Booth
mbooth at redhat.com
Wed Oct 1 16:08:44 UTC 2008
Eric Paris wrote:
> On Tue, 2008-09-30 at 15:18 -0400, John Dennis wrote:
>> Eric likes to point out we can't change the
>> kernel
>
> Close, but not quite. I say we can't change the kernel without complete
> backwards compatibility. Show me the right solution and we can get
> there, we just can't throw away what's already there.
My other mail listed 6 ways in which audit *has already broken*
userspace through non-backwards compatibility. That list came from a
very quick search, and were only the changes which unarguably broke
userspace. There are undoubtedly far more. If you look at those 6
changes, each has been a genuine improvement but broke userspace
nonetheless. The situation is still very messy, and this will continue
to happen because the protocol has evolved organically rather than
through deliberate design, and was not designed for extensibility.
The next time somebody suggests breaking userspace you could take the
opportunity to implement a new protocol instead. The current protocol
could be frozen, and the new protocol implemented in parallel. It seems
to me that the biggest chunk of work to do this would be in the protocol
design. As the same data will likely be output in the same places, most
of the coding should be donkey work to change the format. As far as
kernel infrastructure changes go, this wouldn't be a big one.
Matt
--
Matthew Booth, RHCA, RHCSS
Red Hat, Global Professional Services
M: +44 (0)7977 267231
GPG ID: D33C3490
GPG FPR: 3733 612D 2D05 5458 8A8A 1600 3441 EA19 D33C 3490
More information about the Linux-audit
mailing list