lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date:	Tue, 24 Jul 2007 11:17:58 -0500
From:	Joy Latten <>
To:	Steve Grubb <>
Subject: Re: [PATCH]: revised make xfrm_audit_log more generic patch

On Tue, 2007-07-24 at 11:04 -0400, Steve Grubb wrote:

> > +       audit_log_format(audit_buf, "%s: auid=%u", buf, auid);
> >  
> >         if (sid != 0 &&
> >                 security_secid_to_secctx(sid, &secctx, &secctx_len) == 0)
> The operation in buf will not be parsed by the user space tools. Let's 
> use "op=%s " where you have "%s: " above. Audit record fields are name=value 
> and fields separated by spaces. "op" is what we are using in other places to 
> mean operation. 
> I know its a change from the records above, but we previously had some detail 
> about what operation was being performed by the record type and this did not 
> matter so much. Now that we only have one event type, the meaning of the 
> event being recorded needs to be parsable and in a field. 
> It also wouldn't hurt to change the text being sent to this function to have a 
> hyphen instead of a space, so "SPD delete" becomes "SPD-delete". This keeps 
> the parser happy.
> This patch otherwise looks good.

Sounds good. I will make the changes and resend. 

To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to
More majordomo info at

Powered by blists - more mailing lists