[RFC][PATCH] audit: add feature audit_lost reset
Paul Moore
paul at paul-moore.com
Mon Dec 12 20:53:52 UTC 2016
On Sat, Dec 10, 2016 at 3:40 PM, Steve Grubb <sgrubb at redhat.com> wrote:
> On Friday, December 9, 2016 6:46:43 PM EST Paul Moore wrote:
>> > I would suggest that the return value (presuming it was reset when
>> > non-zero) or the audit record generated reporting the lost value
>> > reset would be sufficient confirmation that the feature exists on the
>> > running kernel and the addition to the feature bitmap is not strictly
>> > necessary, but you only find this out upon attempting that lost reset.
>> >
>> > Well, we haven't used much of that bitmap space and if it isn't to be
>> > used when needed, why is it there? If there is a relatively simple
>> > alternate non-destructive way to discover the presence of a feature use
>> > of the bitmap isn't necessary.
>>
>> My concern isn't the absolute consumption of the bitmap, but rather
>> the rate of the consumption.
>
> I'm not concerned much about it. There are very few more RFE's that are either
> in the pipeline or something I can think of that we need.
We always need to plan on more features, regardless of what you know
about today, something (many somethings actually) is almost certain to
come up in the future.
--
paul moore
www.paul-moore.com
More information about the Linux-audit
mailing list