[RFC PATCH ghak89 V1] audit: rename FILTER_TYPE to FILTER_EXCL

Steve Grubb sgrubb at redhat.com
Fri Jun 1 19:37:12 UTC 2018 

On Friday, June 1, 2018 3:12:15 PM EDT Richard Guy Briggs wrote:
> On 2018-06-01 15:03, Steve Grubb wrote:
> > On Friday, June 1, 2018 1:58:34 PM EDT Richard Guy Briggs wrote:
> > > On 2018-06-01 12:55, Steve Grubb wrote:
> > > > On Thursday, May 31, 2018 6:21:20 PM EDT Richard Guy Briggs wrote:
> > > > > On 2018-05-31 17:29, Steve Grubb wrote:
> > > > > > On Thursday, May 31, 2018 4:23:09 PM EDT Richard Guy Briggs 
wrote:
> > > > > > > The AUDIT_FILTER_TYPE name is vague and misleading due to not
> > > > > > > describing
> > > > > > > where or when the filter is applied and obsolete due to its
> > > > > > > available
> > > > > > > filter fields having been expanded.
> > > > > > > 
> > > > > > > Userspace has already renamed it from AUDIT_FILTER_TYPE to
> > > > > > > AUDIT_FILTER_EXCLUDE without checking if it already exists.
> > > > > > 
> > > > > > Historically speaking, this is not why it is the way it is. But I
> > > > > > think
> > > > > > it
> > > > > > doesn't mean that you cannot do something like this:
> > > > > > 
> > > > > > #define AUDIT_FILTER_EXCLUDE    AUDIT_FILTER_TYPE
> > > > > 
> > > > > I was originally hoping to do that, but that then causes a build
> > > > > error
> > > > > on any previous version of audit userspace.
> > > > 
> > > > I cannot reproduce this. What error did you get? What version of gcc?
> > > 
> > > I didn't even try to compile it since I'd predicted that there would be
> > > a symbol definition conflict.
> > > 
> > > How did you not get a conflict with that definition also in the kernel
> > > header?
> > 
> > It's an identical definition. That's OK. Changes to a definition is last
> > one wins - but you get a warning not an error.
> 
> Do any distros compile with -Werror?

Audit itself can't be compiled with -Werror as there are lots of warnings 
about using string functions with unsigned chars. However, libaudit.h is used 
in 20 or so packages and there is a chance one may have -Werror. But I think 
its unlikely based on a recent project which involved looking over static 
analysis results for a large chunk of the Fedora 27 repo. Out of 4730 source 
packages, 84 had no compiler warnings. So, I'd say its next to impossible for 
any distribution to make -Werror a blanket policy.

-Steve

More information about the Linux-audit mailing list