Re: New field to auditd.conf file

I wanted to add the namespace information in the audit record for example pid_ns,user_ns,net_ns ,Is there any possibility to add this field inside Audit structure?

On Thu, Apr 21, 2016 at 6:28 PM, Paul Moore <pmoore(a)redhat.com&gt; wrote: > As we've already mentioned several times, we can make no guarantees > regarding functionality or compatibility without seeing your code. > While it may be frustrating, this is how Open Source development > works. > > If you are interested in our help you will need to describe, in > detail, what you are trying to do and ideally post your existing code > so it can be reviewed. > > On Thu, Apr 21, 2016 at 1:25 AM, Deepika Sundar > <sundar.deepika18(a)gmail.com&gt; wrote: > > Okay,If I update the Ausearch/aureport in order to aware of the new > field in > > the audit log structure can it be feasible one? > > > > On Wed, Apr 20, 2016 at 6:00 PM, Steve Grubb <sgrubb(a)redhat.com&gt; wrote: > >> > >> On Wednesday, April 20, 2016 10:05:42 AM Deepika Sundar wrote: > >> > In general way,Is there any compatibility issues if audit log > structure > >> > gets modified? > >> > >> Yes, there can be problems if the log structure gets modified. > >> Ausearch/report > >> are highly optimized for an exact format. > >> > >> -Steve > >> > >> > >> > On Wed, Apr 13, 2016 at 6:01 PM, Steve Grubb <sgrubb(a)redhat.com&gt; > wrote: > >> > > On Wednesday, April 13, 2016 11:03:43 AM Deepika Sundar wrote: > >> > > > As per my understanding audit log structure can be extendible > based > >> > > > on > >> > > > requirements and in my project I need to add the identifier field > >> > > > for > >> > > > the > >> > > > application and as of now I couldn't able to revel the What > >> > > > application > >> > > > trying to develop to update.So,Is there any possibility that > without > >> > > > breaking any Compatibility issues I can do it ? > >> > > > >> > > I have no idea what you are doing so there is no guarantee that it > >> > > won't > >> > > break > >> > > something. If your project is going to be released as open source > its > >> > > generally best to collaborate with people so that problems can be > >> > > pointed > >> > > out. > >> > > Otherwise you risk spending a lot of time on something only to have > it > >> > > rejected. > >> > > > >> > > -Steve > >> > > > >> > > > OR If any compatibility issues please specify . > >> > > > > >> > > > On Fri, Apr 8, 2016 at 12:12 AM, Paul Moore <paul(a)paul-moore.com&gt; > >> > > > wrote: > >> > > > > On Thu, Apr 7, 2016 at 12:47 AM, Deepika Sundar > >> > > > > > >> > > > > <sundar.deepika18(a)gmail.com&gt; wrote: > >> > > > > > In the same way, in the kernel side > >> > > > > > Can I able to add one new field to the audit log structure > >> > > > > > without > >> > > > > > >> > > > > breaking > >> > > > > > >> > > > > > Compatibility? If so, > >> > > > > > > >> > > > > > 1.How can I add new field without breaking compatibility? > >> > > > > > > >> > > > > > or > >> > > > > > > >> > > > > > 2.Is there any reserve field in audit log structure so that > I > >> > > > > > can > >> > > > >> > > make > >> > > > >> > > > > use > >> > > > > > >> > > > > > of it? > >> > > > > > >> > > > > You need to be more specific about what you are trying to do. > >> > > > > Speaking generally, unless you work to get your changed merged > >> > > > > into > >> > > > > the upstream kernel and userspace tools we cannot guarantee > >> > > > > present or > >> > > > > future compatibility. > >> > > > > > >> > > > > -- > >> > > > > paul moore > >> > > > > www.paul-moore.com > >> > > > > > > -- > > Linux-audit mailing list > > Linux-audit(a)redhat.com > > https://www.redhat.com/mailman/listinfo/linux-audit > > > > -- > paul moore > security @ redhat >

-- Linux-audit mailing list Linux-audit(a)redhat.com https://www.redhat.com/mailman/listinfo/linux-audit