On Tue, 2013-07-09 at 14:30 -0400, Steve Grubb wrote:
> I can certainly shoehorn a 4 state interface into AUDIT_SET/GET.
Does the new interface support more than 4 a state variable? Suppose
we need
to set a number value like 8192, will it do that?
No. The new interface is written to be on/off locked/unlock
The get/set interface could be extended to allow for this. We'd have to
grow the size of struct audit_status with a new __u32. Kernel space
would have to 0 out the struct and overwrite it with what it got from
userspace. Userspace would just have to ignore the additional info from
a read...
I agree, a version field is useful.