On 2020-12-07 22:34, Steve Grubb wrote: > On Monday, December 7, 2020 8:34:35 PM EST Richard Guy Briggs wrote: > > On 2020-12-07 18:28, Steve Grubb wrote: > > > Hello Max, > > > > > > On Monday, December 7, 2020 4:28:14 PM EST Max Englander wrote: > > > > Steve, I'm happy to make changes to the userspace PR based on > > > > Richard's suggestions, if that sounds good to you. I'll follow up in > > > > the PR to discuss it more > > > > > > The only issue is new userspace on old kernel. I think if we use both the > > > configure macro in addition to a size check, then it will at least allow > > > forward and backward compatibility. > > > > Are you talking about a new userspace compiled on a new kernel header > > file run on an old kernel? > > Yes. This is my worry. Someone compiles the code and the does a roll back. It > can happen because the new kernel has some problems that a driver cannot > handle.
Ok, fair enough. > > That would be less reliable and need the > > size check. The bitmap would be the most reliable in that scenario. > > Right, but the person that can make that happen doesn't want to use this > facility for what it was intended for. So, we are all trying to do the best. Yes, the firmness of that stance is puzzling to me... > > By configure macro are you talking about the presence of that audit > > status mask bit, or the presence of that struct audit_status member? > > Yes. But it doesn't apply to old kernels. An "or" question usually needs one or the other reply unless both are true... Which one were you talking about? > -Steve - RGB -- Richard Guy Briggs <[email protected]> Sr. S/W Engineer, Kernel Security, Base Operating Systems Remote, Ottawa, Red Hat Canada IRC: rgb, SunRaycer Voice: +1.647.777.2635, Internal: (81) 32635 -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
