[RFC PATCH v1] audit: log AUDIT_TIME_* records only from rules
Richard Guy Briggs
rgb at redhat.com
Fri Dec 24 14:21:07 UTC 2021
On 2021-12-23 12:38, Paul Moore wrote:
> On Tue, Dec 21, 2021 at 3:50 PM Richard Guy Briggs <rgb at redhat.com> wrote:
> > On 2021-11-24 10:44, Paul Moore wrote:
> > > You mentioned that you wanted to do some more work on this patch so
> > > I'll hold off further comments until the updated patch is posted.
> >
> > I had a look at this patch and there is no further adjustment needed.
> > The only note is that the AUDIT_TIME_ADJNTPVAL record is printed at the
> > top of show_special() due to the need to potentially allocate multiple
> > records. Do you think this requires a comment in the description or
> > in the code just above the call to __audit_ntp_log_()?
> >
> > If not, please merge it at your convenience. Sorry to have dropped this
> > ball.
>
> No worries, I'll put the patch back on the to-review pile. However,
> since we are at -rc6 this week with the holidays in full swing it
> seems like this is something that we should defer merging until after
> the upcoming merge window closes. Now that this is no longer a RFC,
> I'll try to take a closer look and offer any additional review
> feedback next week.
Darn, missed another merge window. My fault for dropping the ball.
If I might advocate, it is a bugfix rather than a feature...
> paul moore
- RGB
--
Richard Guy Briggs <rgb at redhat.com>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635
More information about the Linux-audit
mailing list