[PATCH v2] audit: report audit wait metric in audit status reply

Paul Moore paul at paul-moore.com
Fri Dec 4 20:41:06 UTC 2020


On Thu, Dec 3, 2020 at 9:47 PM Steve Grubb <sgrubb at redhat.com> wrote:
> On Thursday, December 3, 2020 9:16:52 PM EST Paul Moore wrote:
> > > > > Author:     Richard Guy Briggs <rgb at redhat.com>
> > > > > AuthorDate: 2014-11-17 15:51:01 -0500
> > > > > Commit:     Paul Moore <pmoore at redhat.com>
> > > > > CommitDate: 2014-11-17 16:53:51 -0500
> > > > > ("audit: convert status version to a feature bitmap")
> > > > > It was introduced specifically to enable distributions to selectively
> > > > > backport features.  It was converted away from AUDIT_VERSION.
> > > > >
> > > > > There are other ways to detect the presence of backlog_wait_time_actual
> > > > > as I mentioned above.
> > > >
> > > > Let me be blunt - I honestly don't care what Steve's audit userspace
> > > > does to detect this.  I've got my own opinion, but Steve's audit
> > > > userspace is not my project to manage and I think we've established
> > > > over the years that Steve and I have very different views on what
> > > > constitutes good design.
> > >
> > > And guessing what might be in buffers of different sizes is good design?
> > > The FEATURE_BITMAP was introduced to get rid of this ambiguity.
> >
> > There is just soo much to unpack in your comment Steve, but let me
> > keep it short ...
> >
> > - This is an enterprise distro problem, not an upstream problem.  The
> > problems you are talking about are not a problem for upstream.
>
> You may look at it that way. I do not. Audit-userspace is also an upstream
> for a lot of distros and I need to make this painless for them. So, while you
> may think of this being a backport problem for Red Hat to solve, I think of
> this as a generic problem that I'd like to solve for Debian, Suse, Ubuntu,
> Arch, Gentoo, anyone using audit. We both are upstream.

I intentionally said "enterprise Linux distributions", I never singled
out RH/IBM.  Contrary to what RH/IBM marketing may have me believe, I
don't consider RHEL to be the only "enterprise Linux distribution" :)

Beyond that, while I haven't looked at all of the distros you list
above, I know a few of them typically only backport fixes, not new
features.  Further, as I mentioned previously in this thread, there is
a way to backport this feature in a safe manner without using the
feature bits.  Eeeeeven further, if there wasn't a way to backport
this feature safely (and let me stress again that you can backport this
safely), I would still consider that to be a distro problem and not an
upstream kernel problem.  The upstream kernel is not responsible for
enabling or supporting arbitrary combinations of patches.

-- 
paul moore
www.paul-moore.com



