[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4753948.GXAFRqVoOG@x2>
Date: Wed, 07 Sep 2022 16:11:45 -0400
From: Steve Grubb <sgrubb@...hat.com>
To: Paul Moore <paul@...l-moore.com>,
Richard Guy Briggs <rgb@...hat.com>
Cc: Jan Kara <jack@...e.cz>,
Linux-Audit Mailing List <linux-audit@...hat.com>,
LKML <linux-kernel@...r.kernel.org>,
linux-fsdevel@...r.kernel.org, Eric Paris <eparis@...isplace.org>,
Amir Goldstein <amir73il@...il.com>
Subject: Re: [PATCH v4 3/4] fanotify,audit: Allow audit to use the full permission event response
On Wednesday, September 7, 2022 2:43:54 PM EDT Richard Guy Briggs wrote:
> > > Ultimately I guess I'll leave it upto audit subsystem what it wants to
> > > have in its struct fanotify_response_info_audit_rule because for
> > > fanotify subsystem, it is just an opaque blob it is passing.
> >
> > In that case, let's stick with leveraging the type/len fields in the
> > fanotify_response_info_header struct, that should give us all the
> > flexibility we need.
> >
> > Richard and Steve, it sounds like Steve is already aware of additional
> > information that he wants to send via the
> > fanotify_response_info_audit_rule struct, please include that in the
> > next revision of this patchset. I don't want to get this merged and
> > then soon after have to hack in additional info.
>
> Steve, please define the type and name of this additional field.
Maybe extra_data, app_data, or extra_info. Something generic that can be
reused by any application. Default to 0 if not present.
Thanks,
-Steve
Powered by blists - more mailing lists