Re: [PATCH] audit: convert status version to a feature bitmap
On 14/11/13, Steve Grubb wrote:
On Thursday, November 13, 2014 08:08:52 PM Richard Guy Briggs wrote:
> > So what terrible things happen to userspace if
> > AUDIT_VERSION_BACKLOG_WAIT_TIME becomes 0x03 instead of 0x02?
>
> But it won't. It gets the value of
> AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME, which is 0x00000002.
>
> I think you meant to ask about AUDIT_VERSION_LATEST, which would become 3.
>
> You *did* already ask that question in a previous thread, and there
> didn't seem to be a concern. Steve Grubb could likely answer this
> question better than me.
The audit 2.4.1 package has been pushed to everything from F20 -> rawhide. If
you don't see any problems, then its safe. But check carefully around the
things that you did change. Right now, we only are caring about only one
kernel feature, --loginuid-immutable. Check that it still works, auditctl -s.
Here's my output, which I assume looks sane:
[root@f20 ~]# rpm -q audit
audit-2.4.1-1.fc20.x86_64
[root@f20 ~]# auditctl -s
enabled 1
flag 1
pid 307
rate_limit 0
backlog_limit 320
lost 0
backlog 0
backlog_wait_time 60000
loginuid_immutable 0 unlocked
-Steve
- RGB
--
Richard Guy Briggs <rbriggs(a)redhat.com>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545