[PATCH v2] audit: report audit wait metric in audit status reply
Paul Moore
paul at paul-moore.com
Fri Dec 4 02:16:52 UTC 2020

On Thu, Dec 3, 2020 at 6:55 PM Steve Grubb <sgrubb at redhat.com> wrote:
> On Thursday, December 3, 2020 6:43:11 PM EST Paul Moore wrote:
> > > So far there are only seven bits used out of 32, so it does not appear we
> > > are in danger of running out anytime soon.
>
> Exactly. Even capability bits are easier to get assigned. :-)

Another way to look at it is that we've exhausted approximately
one-third of the space in six years. In reality it is worse than that
as I've been putting the brakes on new feature bits for a while now.

> > > It was introduced with commit 0288d7183c41c0192d2963d44590f346f4aee917
> > > Author: Richard Guy Briggs <rgb at redhat.com>
> > > AuthorDate: 2014-11-17 15:51:01 -0500
> > > Commit: Paul Moore <pmoore at redhat.com>
> > > CommitDate: 2014-11-17 16:53:51 -0500
> > > ("audit: convert status version to a feature bitmap")
> > > It was introduced specifically to enable distributions to selectively
> > > backport features. It was converted away from AUDIT_VERSION.
> > >
> > > There are other ways to detect the presence of backlog_wait_time_actual
> > > as I mentioned above.
> >
> > Let me be blunt - I honestly don't care what Steve's audit userspace
> > does to detect this. I've got my own opinion, but Steve's audit
> > userspace is not my project to manage and I think we've established
> > over the years that Steve and I have very different views on what
> > constitutes good design.
>
> And guessing what might be in buffers of different sizes is good design? The
> FEATURE_BITMAP was introduced to get rid of this ambiguity.

There is just soo much to unpack in your comment Steve, but let me
keep it short ...

- This is an enterprise distro problem, not an upstream problem. The
  problems you are talking about are not a problem for upstream.

- You can obviously backport things, you just have to ensure you
  preserve the structure order/size. It may require you backporting
  multiple features, but if you're already cherry-picking patches you've
  already gone out on your own. This approach is both obvious and
  commonly done, if it hasn't occurred to you I don't know what to say.

... and finally, to be blunt again - I'm not merging a patch to add a
feature bit for this.

--
paul moore
www.paul-moore.com