On Fri, May 24, 2013 at 12:11:44PM -0400, Eric Paris wrote:
The audit_status structure was not designed with extensibility in
mind.
Define a new AUDIT_SET_FEATURE message type which takes a new structure
of bits where things can be enabled/disabled/locked one at a time. This
structure should be able to grow in the future while maintaining forward
and backward compatibility (based loosely on the ideas from capabilities
and prctl)
This does not actually add any features, but is just infrastructure to
allow new on/off types of audit system features.
This is the sort of infrastructure that occurred to me for the
audit_tty_status structure, when I implemented the password logging
switch...
Signed-off-by: Eric Paris <eparis(a)redhat.com>
- RGB
--
Richard Guy Briggs <rbriggs(a)redhat.com>
Senior Software Engineer
Kernel Security
AMER ENG Base Operating Systems
Remote, Ottawa, Canada
Voice: 1.647.777.2635
Internal: (81) 32635
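
A user-space model of the enable/disable/lock-one-bit-at-a-time semantics described in the quoted commit message, added here as an illustration; it is not code from the patch or the kernel. The struct layout, all names, the two-feature bitmap and the choice to reject unknown bits are assumptions.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define FEAT_VERSION 1u
#define FEAT_KNOWN   0x3u /* constructed: only two feature bits are defined */

/* Hypothetical request: one bit per feature in every word. */
struct feat_req {
    uint32_t vers;     /* structure version the sender speaks */
    uint32_t mask;     /* which feature bits this request touches */
    uint32_t features; /* desired on/off value for the masked bits */
    uint32_t lock;     /* masked bits to freeze at their new value */
};

struct feat_state {
    uint32_t features; /* current on/off bits */
    uint32_t lock;     /* bits that can no longer change */
};

/* Validate the whole request first, then apply it, so a rejected
 * request never leaves the state half-updated. */
int feat_set(struct feat_state *st, const struct feat_req *rq)
{
    if (rq->vers != FEAT_VERSION)
        return -EINVAL;
    if (rq->mask & ~FEAT_KNOWN)      /* sender knows bits we do not */
        return -EINVAL;

    uint32_t changed = (st->features ^ rq->features) & rq->mask;
    if (changed & st->lock)          /* flipping a locked bit */
        return -EPERM;

    st->features = (st->features & ~rq->mask) | (rq->features & rq->mask);
    st->lock |= rq->lock & rq->mask; /* locks only accumulate */
    return 0;
}

int main(void)
{
    struct feat_state st = { 0, 0 };
    struct feat_req on_and_lock = { FEAT_VERSION, 0x1, 0x1, 0x1 };
    struct feat_req turn_off    = { FEAT_VERSION, 0x1, 0x0, 0x0 };

    printf("enable+lock: %d\n", feat_set(&st, &on_and_lock));
    printf("disable locked bit: %d\n", feat_set(&st, &turn_off));
    printf("features=%#x lock=%#x\n", (unsigned)st.features, (unsigned)st.lock);
    return 0;
}
```

Because untouched bits are selected out by the mask, a caller that only knows about one feature never disturbs the others, which is what lets the bitmap grow later.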