On Tuesday, May 30, 2017 2:19:09 PM EDT Frederick House wrote:
> Does anyone know the specific changes to libaudit v1 that warranted a major
> version upgrade to v2 (i.e., libaudit.so.0 -> libaudit.so.1)? I'd like to
> understand the major differences without having to diff the source code of
> audit-1.8 and audit.2.0!

From the old 2.0 changelog:
- Removed old syscall rules API - not needed since 2.6.16
- Remove all use of the old rule structs from API
- Removed ancient defines that are part of kernel 2.6.29 headers
- Bump soname number for libaudit
- In auditctl, deprecate the entry filter and move rules to exit filter
- Remove support for the legacy negate syscall rule operator
The main thing was we had to remove hidden function calls that were using an
old API that had been deprecated. Specifically this was audit_add_rule() and
audit_delete_rule(). They in turn used a deprecated kernel API.
The way that it played out was that we made the new API in the kernel. User
space used both for a while and then user space started only using the new
API. The old API was hidden so that new programs had to use the new API but
anything compiled against the old API would continue working for a while.
After a couple of years we were pretty sure nothing was using the old kernel
API and its code could be removed. The first step was removing the last bits
of support from user space and then a year or two later move it out of the
kernel.
This happened way back in 2009.
-Steve
--
Linux-audit mailing list
Linux-audit(a)redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit