Re: [PATCH] IPC_SET_PERM cleanup
On Wednesday 10 May 2006 14:05, Linda Knippers wrote:
We have existing code we're supporting that doesn't use your
parser and
we're not planning to re-write our code.
You'll have to make some mods to it, things have changed in various places.
I don't know how many other people are in the same position. I
also think
its helpful if the output of ausearch is easily grepable.
It will be. Nothing has changed here.
I think what these examples show is that there is no consistency.
It shows that modifiers are not being added to every keyword.
> "audit_rate_limit=%d old=%d by auid=%u"
> "audit_backlog_limit=%d old=%d by auid=%u"
What does "by" signify as a modifier?
Its not a modifier, its there for human readability.
>>especially since there's currently no well defined
concept of name
>> modifiers like "new"
>
> Its used in many places, but you are more likely to run across old. The
> function in the specs that was intended to do this was:
>
> const char *auparse_get_field_name_aux(auparse_state_t *au) - return
> supplemental information about the field's name.
If I used the APIs then I have to look at the aux information for a
bunch of records I don't want because I can't directly search for the
ones I do?
Or use reg expr matching.
-Steve