[PATCH v4 3/4] fanotify, audit: Allow audit to use the full permission event response
Steve Grubb
sgrubb at redhat.com
Fri Sep 9 14:55:40 UTC 2022
On Friday, September 9, 2022 10:38:46 AM EDT Richard Guy Briggs wrote:
> > Richard, add subj_trust and obj_trust. These can be 0|1|2 for no, yes,
> > unknown.
>
> type? bitfield? My gut would say that "0" should be "unset"/"unknown",
> but that is counterintuitive to the values represented.
>
> Or "trust" with sub-fields "subj" and "obj"?
No. just make them separate and u32. subj_trust and obj_trust - no sub fields.
If we have sub-fields, that probably means bit mapping and that wasn't wanted.
-Steve
More information about the Linux-audit
mailing list