[PATCH v2] audit: report audit wait metric in audit status reply
Richard Guy Briggs
rgb at redhat.com
Tue Dec 8 13:20:03 UTC 2020
On 2020-12-07 22:34, Steve Grubb wrote:
> On Monday, December 7, 2020 8:34:35 PM EST Richard Guy Briggs wrote:
> > On 2020-12-07 18:28, Steve Grubb wrote:
> > > Hello Max,
> > >
> > > On Monday, December 7, 2020 4:28:14 PM EST Max Englander wrote:
> > > > Steve, I'm happy to make changes to the userspace PR based on
> > > > Richard's suggestions, if that sounds good to you. I'll follow up in
> > > > the PR to discuss it more
> > >
> > > The only issue is new userspace on old kernel. I think if we use both the
> > > configure macro in addition to a size check, then it will at least allow
> > > forward and backward compatibility.
> >
> > Are you talking about a new userspace compiled on a new kernel header
> > file run on an old kernel?
>
> Yes. This is my worry. Someone compiles the code and the does a roll back. It
> can happen because the new kernel has some problems that a driver cannot
> handle.
Ok, fair enough.
> > That would be less reliable and need the
> > size check. The bitmap would be the most reliable in that scenario.
>
> Right, but the person that can make that happen doesn't want to use this
> facility for what it was intended for. So, we are all trying to do the best.
Yes, the firmness of that stance is puzzling to me...
> > By configure macro are you talking about the presence of that audit
> > status mask bit, or the presence of that struct audit_status member?
>
> Yes. But it doesn't apply to old kernels.
An "or" question usually needs one or the other reply unless both are
true... Which one were you talking about?
> -Steve
- RGB
--
Richard Guy Briggs <rgb at redhat.com>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635
More information about the Linux-audit
mailing list