10:02 a.m.
This patch changes some completely unused audit exports from
EXPORT_SYMBOL to EXPORT_SYMBOL_GPL.
They are still completely unused, but hopefully some of the theoretical
code that might use it will appear in the kernel in the near future...
Signed-off-by: Adrian Bunk <bunk(a)stusta.de>
Acked-by: Steve Grubb <sgrubb(a)redhat.com>
---
This patch has been sent on:
- 11 Dec 2006
--- linux-2.6.19-mm1/kernel/audit.c.old 2006-12-11 20:13:54.000000000 +0100
+++ linux-2.6.19-mm1/kernel/audit.c 2006-12-11 20:14:19.000000000 +0100
@@ -1209,7 +1209,7 @@
}
}
-EXPORT_SYMBOL(audit_log_start);
-EXPORT_SYMBOL(audit_log_end);
-EXPORT_SYMBOL(audit_log_format);
-EXPORT_SYMBOL(audit_log);
+EXPORT_SYMBOL_GPL(audit_log_start);
+EXPORT_SYMBOL_GPL(audit_log_end);
+EXPORT_SYMBOL_GPL(audit_log_format);
+EXPORT_SYMBOL_GPL(audit_log);
1:40 p.m.
On Sun, 2007-07-29 at 17:02 +0200, Adrian Bunk wrote:
This patch changes some completely unused audit exports from
EXPORT_SYMBOL to EXPORT_SYMBOL_GPL.
They are still completely unused, but hopefully some of the theoretical
code that might use it will appear in the kernel in the near future...
\
at least make them _UNUSED_ so that people can select to not have these
take up space...
2:33 p.m.
On Sun, Jul 29, 2007 at 11:40:33AM -0700, Arjan van de Ven wrote:
On Sun, 2007-07-29 at 17:02 +0200, Adrian Bunk wrote:
> This patch changes some completely unused audit exports from
> EXPORT_SYMBOL to EXPORT_SYMBOL_GPL.
>
> They are still completely unused, but hopefully some of the theoretical
> code that might use it will appear in the kernel in the near future...
AppArmor uses the audit_log_* functions. (But it is GPL, so no worries).
Ciao, Marcus
2:45 p.m.
On Sun, 2007-07-29 at 21:33 +0200, Marcus Meissner wrote:
On Sun, Jul 29, 2007 at 11:40:33AM -0700, Arjan van de Ven wrote:
> On Sun, 2007-07-29 at 17:02 +0200, Adrian Bunk wrote:
> > This patch changes some completely unused audit exports from
> > EXPORT_SYMBOL to EXPORT_SYMBOL_GPL.
> >
> > They are still completely unused, but hopefully some of the theoretical
> > code that might use it will appear in the kernel in the near future...
AppArmor uses the audit_log_* functions.
but it's not in the tree. So marking them _UNUSED_ in the tree is still
appropriate. They're there for the people who want them, they're not
there for those who want to save the space....
--
if you want to mail me at work (you don't), use arjan (at) linux.intel.com
Test the interaction between Linux and your BIOS via http://www.linuxfirmwarekit.org
8:18 a.m.
On Sunday 29 July 2007 11:02:33 Adrian Bunk wrote:
They are still completely unused, but hopefully some of the
theoretical
code that might use it will appear in the kernel in the near future...
Signed-off-by: Adrian Bunk <bunk(a)stusta.de>
Acked-by: Steve Grubb <sgrubb(a)redhat.com>
I am reluctant to say that I ack this patch for a couple reasons:
1) We are talking about a basic logging facility that should be open like
printk() is.
2) There are no user space GPL restrictions to use the audit netlink API, so
why restrict who can send audit events via the in-kernel interfaces? It just
doesn't make sense to have 2 different licenses for in-kernel vs user space
audit event recording. Its the same subsystem differing only by where the
event originated.
3) The API has been unrestricted for years. I don't think its a good idea to
take a basic logging API away from people that have programmed to it.
4) In the absence of the in-kernel audit logging api, people will either
create parallel infrastructure or resort to using printk. It will be
difficult for end users to correlate security events from 2 different logs.
I would support there being a mechanism for anyone who wants to reduce the
number of exported symbols for their own kernels - I believe that is the
basic problem here. But I think there are enough reasons to continue keeping
this API open and unrestricted for anyone that wants it that way.
-Steve
8:31 a.m.
On Mon, Jul 30, 2007 at 09:18:41AM -0400, Steve Grubb wrote:
On Sunday 29 July 2007 11:02:33 Adrian Bunk wrote:
> They are still completely unused, but hopefully some of the theoretical
> code that might use it will appear in the kernel in the near future...
>
> Signed-off-by: Adrian Bunk <bunk(a)stusta.de>
> Acked-by: Steve Grubb <sgrubb(a)redhat.com>
I am reluctant to say that I ack this patch for a couple reasons:
1) We are talking about a basic logging facility that should be open like
printk() is.
2) There are no user space GPL restrictions to use the audit netlink API, so
why restrict who can send audit events via the in-kernel interfaces? It just
doesn't make sense to have 2 different licenses for in-kernel vs user space
audit event recording. Its the same subsystem differing only by where the
event originated.
It's a well-known fact that there are legal differences between calling
kernel services from userspace and kernel modules.
3) The API has been unrestricted for years. I don't think its a
good idea to
take a basic logging API away from people that have programmed to it.
If it's such a basic API, why isn't there a single user in the kernel?
4) In the absence of the in-kernel audit logging api, people will
either
create parallel infrastructure or resort to using printk. It will be
difficult for end users to correlate security events from 2 different logs.
I would support there being a mechanism for anyone who wants to reduce the
number of exported symbols for their own kernels - I believe that is the
basic problem here. But I think there are enough reasons to continue keeping
this API open and unrestricted for anyone that wants it that way.
The Linux kernel does not offer a stable kernel API for external modules.
That's a well-known fact.
-Steve
cu
Adrian
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
6354
days inactive
6355
days old
linux-audit@lists.linux-audit.osci.io
5 comments
4 participants
participants (4)
-
Adrian Bunk -
Arjan van de Ven -
Marcus Meissner -
Steve Grubb