ABI guarantee for auditd
hsultan at thefroid.net
hsultan at thefroid.net
Thu Jan 15 20:24:38 UTC 2015
Hi,
Sorry for the deluge of questions :)
Regarding auditd, what is the ABI guarantee ? Do you guarantee that the
text contained in audit_reply->msg.data will always be the same format ?
I imagine you reserve the right to add fields, but how about removing
any or even reordering them ?
Or are people simply required to use auparse to guarantee they get
records properly ?
Also, regarding 'unofficial' ABI compatibility, when has the
audit_reply->msg.data format changed last ? Say these past 3-4 years,
were there any changes in the format or could I use a faster, but
specifically focused parser on the msgs when detecting older releases at
least ?
Thanks,
Hassan
More information about the Linux-audit
mailing list