[PATCH v2] audit: report audit wait metric in audit status reply

Paul Moore paul at paul-moore.com
Fri Dec 4 02:16:52 UTC 2020 

On Thu, Dec 3, 2020 at 6:55 PM Steve Grubb <sgrubb at redhat.com> wrote:
> On Thursday, December 3, 2020 6:43:11 PM EST Paul Moore wrote:
> > > So far there are only seven bits used out of 32, so it does not appear we
> > > are in danger of running out anytime soon.
>
> Exactly. Even capability bits are easier to get assigned.  :-)

Another way to look at it is that we've exhausted approximately
one-third of the space in six years.  In reality it is worse than that
as I've been putting the brakes on new feature bits for a while now.

> > > It was introduced with commit 0288d7183c41c0192d2963d44590f346f4aee917
> > > Author:     Richard Guy Briggs <rgb at redhat.com>
> > > AuthorDate: 2014-11-17 15:51:01 -0500
> > > Commit:     Paul Moore <pmoore at redhat.com>
> > > CommitDate: 2014-11-17 16:53:51 -0500
> > > ("audit: convert status version to a feature bitmap")
> > > It was introduced specifically to enable distributions to selectively
> > > backport features.  It was converted away from AUDIT_VERSION.
> > >
> > > There are other ways to detect the presence of backlog_wait_time_actual
> > > as I mentioned above.
> >
> > Let me be blunt - I honestly don't care what Steve's audit userspace
> > does to detect this.  I've got my own opinion, but Steve's audit
> > userspace is not my project to manage and I think we've established
> > over the years that Steve and I have very different views on what
> > constitutes good design.
>
> And guessing what might be in buffers of different sizes is good design? The
> FEATURE_BITMAP was introduced to get rid of this ambiguity.

There is just soo much to unpack in your comment Steve, but let me
keep it short ...

- This is an enterprise distro problem, not an upstream problem.  The
problems you are talking about are not a problem for upstream.

- You can obviously backport things, you just have to ensure you
preserve the structure order/size.  It may require you backporting
multiple features, but if you're already cherry-picking patches you've
already gone out on your own.  This approach is both obvious and
commonly done, if it hasn't occurred to you I don't know what to say.

... and finally, to be blunt again - I'm not merging a patch to add a
feature bit for this.

-- 
paul moore
www.paul-moore.com

More information about the Linux-audit mailing list