From mboxrd@z Thu Jan 1 00:00:00 1970 From: Steve Grubb Subject: Re: [PATCH] IPC_SET_PERM cleanup Date: Wed, 10 May 2006 14:20:09 -0400 Message-ID: <200605101420.10055.sgrubb@redhat.com> References: <445BB351.2040303@hp.com> <200605101328.36108.sgrubb@redhat.com> <44622B6D.5060503@hp.com> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Return-path: In-Reply-To: <44622B6D.5060503@hp.com> Content-Disposition: inline List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: Linda Knippers Cc: linux-audit@redhat.com List-Id: linux-audit@redhat.com On Wednesday 10 May 2006 14:05, Linda Knippers wrote: > We have existing code we're supporting that doesn't use your parser and > we're not planning to re-write our code. You'll have to make some mods to it, things have changed in various place= s. > I don't know how many other people are in the same position. =A0I also = think > its helpful if the output of ausearch is easily grepable. It will be. Nothing has changed here. > I think what these examples show is that there is no consistency. It shows that modifiers are not being added to every keyword. > > "audit_rate_limit=3D%d old=3D%d by auid=3D%u" > > "audit_backlog_limit=3D%d old=3D%d by auid=3D%u" > > What does "by" signify as a modifier? Its not a modifier, its there for human readability. > >>especially since there's currently no well defined concept of name > >> modifiers like "new" > > > > Its used in many places, but you are more likely to run across old. T= he > > function in the specs that was intended to do this was: > > > > const char *auparse_get_field_name_aux(auparse_state_t *au) - return = =A0 > > supplemental information about the field's name. > > If I used the APIs then I have to look at the aux information for a > bunch of records I don't want because I can't directly search for the > ones I do? Or use reg expr matching. -Steve