[RFC PATCH v1] audit: log AUDIT_TIME_* records only from rules

Paul Moore paul at paul-moore.com
Thu Dec 23 17:38:54 UTC 2021


On Tue, Dec 21, 2021 at 3:50 PM Richard Guy Briggs <rgb at redhat.com> wrote:
> On 2021-11-24 10:44, Paul Moore wrote:
>
> > You mentioned that you wanted to do some more work on this patch so
> > I'll hold off further comments until the updated patch is posted.
>
> I had a look at this patch and there is no further adjustment needed.
> The only note is that the AUDIT_TIME_ADJNTPVAL record is printed at the
> top of show_special() due to the need to potentially allocate multiple
> records.  Do you think this requires a comment in the description or
> in the code just above the call to __audit_ntp_log_()?
>
> If not, please merge it at your convenience.  Sorry to have dropped this
> ball.

No worries, I'll put the patch back on the to-review pile.  However,
since we are at -rc6 this week with the holidays in full swing it
seems like this is something that we should defer merging until after
the upcoming merge window closes.  Now that this is no longer an RFC,
I'll try to take a closer look and offer any additional review
feedback next week.

-- 
paul moore
www.paul-moore.com



