On Sun, Mar 22, 2015 at 8:55 PM, Li RongQing <roy.qing.li(a)gmail.com> wrote:
On Mon, Mar 23, 2015 at 8:51 AM, Li RongQing
<roy.qing.li(a)gmail.com> wrote:
> On Fri, Mar 20, 2015 at 9:29 PM, Paul Moore <paul(a)paul-moore.com> wrote:
>> On Fri, Mar 20, 2015 at 12:55 AM, <roy.qing.li(a)gmail.com> wrote:
>>> From: Li RongQing <roy.qing.li(a)gmail.com>
>>>
>>> After 2f9783669 [ARM: 7412/1: audit: use only AUDIT_ARCH_ARM regardless
>>> of endianness], no kernel user uses this macro;
>>>
>>> Keeping this macro, only makes the compiling old version audit [before
>>> changeset 931 Improve ARM and AARCH64 support] success, but the audit
>>> program can not work with the kernel after 2f9783669 still,
>>> since no syscall entry is enabled for AUDIT_ARCH_ARMEB in kernel.
>>>
>>> so remove it to force to use the latest audit program
>>>
>>> Signed-off-by: Li RongQing <roy.qing.li(a)gmail.com>
>>> ---
>>> other workaround is to define AUDIT_ARCH_ARMEB as AUDIT_ARCH_ARM,
>>> but it seems very strange
>>>
>>> include/uapi/linux/audit.h | 1 -
>>> 1 file changed, 1 deletion(-)
>>
>> Since this #define lives in the user visible headers I don't want to
>> remove it and risk causing a userspace breakage. Leaving the #define
>> in the header, even if it is
it is harm, when I compile the audit-2.3.2 for a arm machine, whose linux kernel
is 3.14; no compile error, but audit does not work; spend one day debug to find
the root cause is the audit used MACH_ARMEB, but kernel replaced MACH_ARMEB
with MACH_ARM
grep WITH_ARMEB ./lib/machinetab.h -A10
#ifdef WITH_ARMEB
_S(MACH_ARMEB, "armeb" )
_S(MACH_ARMEB, "armv5tejl")
_S(MACH_ARMEB, "armv5tel")
_S(MACH_ARMEB, "armv6l")
_S(MACH_ARMEB, "armv7l")
#endif
removal of MACH_ARMEB will let the user find this issue when compile, not
run.
[NOTE: Adding the linux-arm folks to this thread just in case they are
interested.]
I'm not an ARM expert, but the kernel #define for AUDIT_ARCH_ARMEB
(below) seems reasonable to me based on the other audit machine
definitions. There is clearly a mismatch between the kernel and the
audit userspace, but I wonder if the issue should be addressed in the
userspace tools. Further, you mention kernel 3.14, what happens with
kernel 3.19 and the most recent audit userspace tools?
grep "AUDIT_ARCH_ARMEB" include/uapi/linux/audit.h
#define AUDIT_ARCH_ARMEB (EM_ARM)
-Paul
--
paul moore
www.paul-moore.com