From: Adrian Bunk <bunk@stusta.de>
To: Steve Grubb <sgrubb@redhat.com>
Cc: linux-audit@redhat.com, David Woodhouse <dwmw2@infradead.org>,
linux-kernel@vger.kernel.org
Subject: Re: [2.6 patch] kernel/audit.c: change the exports to EXPORT_SYMBOL_GPL
Date: Mon, 30 Jul 2007 15:31:39 +0200 [thread overview]
Message-ID: <20070730133139.GR16817@stusta.de> (raw)
In-Reply-To: <200707300918.41408.sgrubb@redhat.com>
On Mon, Jul 30, 2007 at 09:18:41AM -0400, Steve Grubb wrote:
> On Sunday 29 July 2007 11:02:33 Adrian Bunk wrote:
> > They are still completely unused, but hopefully some of the theoretical
> > code that might use it will appear in the kernel in the near future...
> >
> > Signed-off-by: Adrian Bunk <bunk@stusta.de>
> > Acked-by: Steve Grubb <sgrubb@redhat.com>
>
> I am reluctant to say that I ack this patch for a couple reasons:
>
> 1) We are talking about a basic logging facility that should be open like
> printk() is.
>
> 2) There are no user space GPL restrictions to use the audit netlink API, so
> why restrict who can send audit events via the in-kernel interfaces? It just
> doesn't make sense to have 2 different licenses for in-kernel vs user space
> audit event recording. Its the same subsystem differing only by where the
> event originated.
It's a well-known fact that there are legal differences between calling
kernel services from userspace and kernel modules.
> 3) The API has been unrestricted for years. I don't think its a good idea to
> take a basic logging API away from people that have programmed to it.
If it's such a basic API, why isn't there a single user in the kernel?
> 4) In the absence of the in-kernel audit logging api, people will either
> create parallel infrastructure or resort to using printk. It will be
> difficult for end users to correlate security events from 2 different logs.
>
> I would support there being a mechanism for anyone who wants to reduce the
> number of exported symbols for their own kernels - I believe that is the
> basic problem here. But I think there are enough reasons to continue keeping
> this API open and unrestricted for anyone that wants it that way.
The Linux kernel does not offer a stable kernel API for external modules.
That's a well-known fact.
> -Steve
cu
Adrian
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
WARNING: multiple messages have this Message-ID (diff)
From: Adrian Bunk <bunk@stusta.de>
To: Steve Grubb <sgrubb@redhat.com>
Cc: David Woodhouse <dwmw2@infradead.org>,
linux-audit@redhat.com, linux-kernel@vger.kernel.org
Subject: Re: [2.6 patch] kernel/audit.c: change the exports to EXPORT_SYMBOL_GPL
Date: Mon, 30 Jul 2007 15:31:39 +0200 [thread overview]
Message-ID: <20070730133139.GR16817@stusta.de> (raw)
In-Reply-To: <200707300918.41408.sgrubb@redhat.com>
On Mon, Jul 30, 2007 at 09:18:41AM -0400, Steve Grubb wrote:
> On Sunday 29 July 2007 11:02:33 Adrian Bunk wrote:
> > They are still completely unused, but hopefully some of the theoretical
> > code that might use it will appear in the kernel in the near future...
> >
> > Signed-off-by: Adrian Bunk <bunk@stusta.de>
> > Acked-by: Steve Grubb <sgrubb@redhat.com>
>
> I am reluctant to say that I ack this patch for a couple reasons:
>
> 1) We are talking about a basic logging facility that should be open like
> printk() is.
>
> 2) There are no user space GPL restrictions to use the audit netlink API, so
> why restrict who can send audit events via the in-kernel interfaces? It just
> doesn't make sense to have 2 different licenses for in-kernel vs user space
> audit event recording. Its the same subsystem differing only by where the
> event originated.
It's a well-known fact that there are legal differences between calling
kernel services from userspace and kernel modules.
> 3) The API has been unrestricted for years. I don't think its a good idea to
> take a basic logging API away from people that have programmed to it.
If it's such a basic API, why isn't there a single user in the kernel?
> 4) In the absence of the in-kernel audit logging api, people will either
> create parallel infrastructure or resort to using printk. It will be
> difficult for end users to correlate security events from 2 different logs.
>
> I would support there being a mechanism for anyone who wants to reduce the
> number of exported symbols for their own kernels - I believe that is the
> basic problem here. But I think there are enough reasons to continue keeping
> this API open and unrestricted for anyone that wants it that way.
The Linux kernel does not offer a stable kernel API for external modules.
That's a well-known fact.
> -Steve
cu
Adrian
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
next prev parent reply other threads:[~2007-07-30 13:31 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-07-29 15:02 [2.6 patch] kernel/audit.c: change the exports to EXPORT_SYMBOL_GPL Adrian Bunk
2007-07-29 18:40 ` Arjan van de Ven
2007-07-29 18:40 ` Arjan van de Ven
2007-07-29 19:33 ` Marcus Meissner
2007-07-29 19:33 ` Marcus Meissner
2007-07-29 19:45 ` Arjan van de Ven
2007-07-29 19:45 ` Arjan van de Ven
2007-07-29 20:26 ` Christoph Hellwig
2007-07-30 13:18 ` Steve Grubb
2007-07-30 13:18 ` Steve Grubb
2007-07-30 13:31 ` Adrian Bunk [this message]
2007-07-30 13:31 ` Adrian Bunk
-- strict thread matches above, loose matches on Subject: below --
2006-11-28 1:28 [2.6 patch] kernel/audit.c: remove unused exports Adrian Bunk
2006-11-28 19:18 ` Tony Jones
2006-11-28 19:27 ` David Woodhouse
2006-12-11 20:42 ` [2.6 patch] kernel/audit.c: change the exports to EXPORT_SYMBOL_GPL Adrian Bunk
2006-12-11 20:48 ` Steve Grubb
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070730133139.GR16817@stusta.de \
--to=bunk@stusta.de \
--cc=dwmw2@infradead.org \
--cc=linux-audit@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=sgrubb@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.