Re: [PATCH] fix ppid bug in 2.6.18 kernel
Steve Grubb wrote: [Mon Aug 28 2006, 03:22:14PM EDT]
On Monday 28 August 2006 14:59, Amy Griffis wrote:
> AUDIT_PPID was recently added, so shouldn't be supported for the
> legacy structure.
There's no harm in adding it here. Lets old userspace work with new kernels.
> Instead auditctl should use struct audit_rule_data for rules with
> AUDIT_PPID.
The way that it currently works is that it uses the old structures until it
decides that it needs the new structures (key, watch, etc). It needs to do
this so that people can boot into old kernels and issue audit commands. FC5
includes 2.6.16 kernel and I will be pushing the current audit userspace into
FC5 when we know that everything works fine for 2.6.18. So, FC5 will have
users with both kinds of kernels.
I will be removing all the old audit_rule stuff soon so that auditctl uses
nothing but the new interface. Somewhere around 2.6.20, we should pull all
the old audit_rule struct stuff from the kernel, too.
Okay, I'm glad to hear it. My concern was not to support the legacy
structure indefinitely.
But in the mean time, we should support both equally when it makes
sense.
-Steve