On Tuesday 04 March 2008 15:43:23 Eric Paris wrote:
> > If there's no agreement with them, should we change anything?
> > auparse is working pretty good as is.
>
> No it's not. The auparse approach is based on tables, tables which have
> been shown to be incorrect and tied to kernel versions and the patch set
> used to build that kernel version.

Can you show some examples of which kernels had one thing and which
kernels another?

Some of his examples were the directory auditing code that Al wrote. In the
user space side of it, I hadn't gotten the interpretation of the fields
working because it took a long time for it to come back downstream in Fedora
and by the time we had it I forgot to go check it. It wasn't like there was a
field that changed meaning, just a normal integration issue when 2 subsystems
have different delivery schedules. :)
-Steve