| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 24 Jul 2007 11:17:58 -0500 From: Joy Latten <latten@...tin.ibm.com> To: Steve Grubb <sgrubb@...hat.com> Cc: netdev@...r.kernel.org, davem@...emloft.net, linux-audit@...hat.com Subject: Re: [PATCH]: revised make xfrm_audit_log more generic patch On Tue, 2007-07-24 at 11:04 -0400, Steve Grubb wrote: > > + audit_log_format(audit_buf, "%s: auid=%u", buf, auid); > > > > if (sid != 0 && > > security_secid_to_secctx(sid, &secctx, &secctx_len) == 0) > > The operation in buf will not be parsed by the user space tools. Let's > use "op=%s " where you have "%s: " above. Audit record fields are name=value > and fields separated by spaces. "op" is what we are using in other places to > mean operation. > > I know its a change from the records above, but we previously had some detail > about what operation was being performed by the record type and this did not > matter so much. Now that we only have one event type, the meaning of the > event being recorded needs to be parsable and in a field. > > It also wouldn't hurt to change the text being sent to this function to have a > hyphen instead of a space, so "SPD delete" becomes "SPD-delete". This keeps > the parser happy. > > This patch otherwise looks good. Sounds good. I will make the changes and resend. Thanks!! Joy - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists