On Tue, May 09, 2006 at 11:55:34AM -0400, Steve Grubb wrote:
> I even updated the audit parsing specs to include all keywords:
> http://people.redhat.com/sgrubb/audit/audit-parse.txt [...]
> Do ouid and ogid not fit? I'd like us to define what we need in the
> parser API and then use it in the audit messages. Ancillary words like
> new, old, last, first should not be tied with an underscore. If you find
> any, let me know.

The spec doesn't define what ancillary words are; the syntax it describes
is that the audit record consists of key=value pairs.
I think the options are the following:
- adapt the spec to define ancillary words such as "new".
- add the new_THING field names to the spec (and/or rename them to
nTHING).
- use unmodified THING field names, and use the record type name to
disambiguate them.
I dislike the ancillary words since they violate the key=value format (and
the principle of least surprise), and they make parsing more complex.
Either of the other two options would be ok with me, but I agree with
Steve that any new field names should be documented in the spec and not
just added gratuitously.
(Back in November I had proposed hierarchically structured audit records,
which would have supported structs with named fields directly, but that
discussion died in favor of ad-hoc printfs...)
-Klaus
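
The parsing difference discussed in this message, as an added example that is not part of the original e-mail or of the audit project's code. The record type EXAMPLE, the old_/new_ key names and both sample records are constructed for illustration; only the field name ouid and the ancillary words come from the thread.

```python
import shlex

# Ancillary words named in the thread.
ANCILLARY = {"new", "old", "last", "first"}

def parse_strict(record):
    """Stateless key=value parse. Returns (fields, stray_tokens)."""
    fields, stray = {}, []
    for tok in shlex.split(record):  # honours double-quoted values
        key, sep, value = tok.partition("=")
        if sep and key:
            fields[key] = value  # a repeated key silently overwrites the earlier one
        else:
            stray.append(tok)  # not key=value: the format has been violated
    return fields, stray

def parse_ancillary(record):
    """Stateful parse: a bare ancillary word qualifies the next key only."""
    fields, pending = {}, None
    for tok in shlex.split(record):
        key, sep, value = tok.partition("=")
        if sep and key:
            fields[f"{pending}_{key}" if pending else key] = value
            pending = None
        elif tok in ANCILLARY and pending is None:
            pending = tok
        else:
            raise ValueError(f"neither key=value nor a usable ancillary word: {tok!r}")
    if pending is not None:
        raise ValueError(f"ancillary word {pending!r} has no field to qualify")
    return fields

# Constructed sample records, one per naming style.
ANCILLARY_STYLE = "type=EXAMPLE old ouid=500 new ouid=501"
PREFIXED_STYLE = "type=EXAMPLE old_ouid=500 new_ouid=501"

if __name__ == "__main__":
    print(parse_strict(ANCILLARY_STYLE))   # old value lost, two stray tokens
    print(parse_strict(PREFIXED_STYLE))    # unique keys, nothing stray
    print(parse_ancillary(ANCILLARY_STYLE))
```

With ancillary words, a consumer that treats the record as plain key=value keeps only the last ouid and cannot tell which one it kept; recovering both values needs the stateful parser and its extra error cases.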