On Thursday 07 August 2008 09:39:37 Eric Paris wrote:
> > When auditd is stopped, "auditctl -s" will show "pid=0". I think it's
> > not correct information. It's better to tell users "auditd not started".
>
> We do try to keep the whole key=value pair thing in audit records.

This is for the display when you type auditctl -s and doesn't have anything to
do with audit records.

> I'd be willing to go with something like -1 to make it really clear, but
> with the number of complaints about the inconsistencies of audit records
> from people like John Dennis I'm not sure I'm a fan of this patch....

I don't think that's an issue since this is not in the records. My only
concern is what this might do to our test suites. For the moment, I'm just
trying to finish off what we will have in RHEL5 without changes to API that
might cause any regressions in the test suites.
Around the time that Fedora 11 work starts, I'd like to start making changes
to clean things up and have new ideas. That time is coming soon...but not
yet.
-Steve