Re: [PATCH] audit: convert status version to a feature bitmap

On 14/11/13, Steve Grubb wrote: > On Thursday, November 13, 2014 08:08:52 PM Richard Guy Briggs wrote: > > > So what terrible things happen to userspace if > > > AUDIT_VERSION_BACKLOG_WAIT_TIME becomes 0x03 instead of 0x02? > > > > But it won't. It gets the value of > > AUDIT_FEATURE_BITMAP_BACKLOG_WAIT_TIME, which is 0x00000002. > > > > I think you meant to ask about AUDIT_VERSION_LATEST, which would become > > 3. > > > > You *did* already ask that question in a previous thread, and there > > didn't seem to be a concern. Steve Grubb could likely answer this > > question better than me. > > The audit 2.4.1 package has been pushed to everything from F20 -> rawhide. > If you don't see any problems, then its safe. But check carefully around > the things that you did change. Right now, we only are caring about only > one kernel feature, --loginuid-immutable. Check that it still works, > auditctl -s. Here's my output, which I assume looks sane: [root@f20 ~]# rpm -q audit audit-2.4.1-1.fc20.x86_64 [root@f20 ~]# auditctl -s enabled 1 flag 1 pid 307 rate_limit 0 backlog_limit 320 lost 0 backlog 0 backlog_wait_time 60000 loginuid_immutable 0 unlocked