From mboxrd@z Thu Jan  1 00:00:00 1970
From: Steve Grubb <sgrubb@redhat.com>
Subject: Re: audit by role testing
Date: Tue, 4 Apr 2006 16:42:33 -0400
Message-ID: <200604041642.33478.sgrubb@redhat.com>
References: <200604031722.44377.sgrubb@redhat.com>
	<4432AE05.2080601@trustedcs.com>
Mime-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Return-path: <linux-audit-bounces@redhat.com>
In-Reply-To: <4432AE05.2080601@trustedcs.com>
Content-Disposition: inline
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: Darrel Goeddel <dgoeddel@trustedcs.com>
Cc: Linux Audit Discussion <linux-audit@redhat.com>
List-Id: linux-audit@redhat.com

On Tuesday 04 April 2006 13:33, Darrel Goeddel wrote:
> The first patch (audit-1.1.5-audit_rule_data-support.patch) basically
> mirrors all calls that use an audit_rule struct with a similar call tha=
t
> uses an audit_rule_data struct. =A0There are also a few bits that defin=
e
> things for nice compilation with the current headers. =A0This patch sho=
uld be
> completely backwards compatible since it only introduces new things (wh=
ich
> are unused).

This was a big help. I'm merging most of this patch. This is along the li=
nes=20
of what I had envisioned: parallel functions that augment (not replace) =20
current functions.

For auditctl, I'll just fix it to call the right function for the message=
=20
being sent. Meaning it will still favor the old functions except in =20
situations where it must use the new function.

Thanks,
-Steve