Re: [PATCH] auparse: apparmor fields
On Fri, 2012-02-17 at 10:42 -0200, Marcelo Cerri wrote:
I'd like to know if these fields should be treated the same way
as escaped
fields by libauparse or maybe it should be changed in the kernel.
Users of the audit system may choose to use it however they like. Steve
and I have agreed to disagree (or at least realized that we will never
agree) on the use of 'audit_log_string'. As the audit kernel maintainer
I will not ask AppArmor to change what they use and I will continue to
request more users of the kernel audit system to use the *log_string
functions instead of using %s.
Given that, I think the only reasonable option is your patch, so thank
you so much!