From mboxrd@z Thu Jan 1 00:00:00 1970
From: Klaus Weidner
Subject: Re: [PATCH] IPC_SET_PERM cleanup
Date: Wed, 10 May 2006 11:29:02 -0500
Message-ID: <20060510162902.GG31457@w-m-p.com>
References: <445BB351.2040303@hp.com> <20060509203608.GF31457@w-m-p.com> <4460FFA6.4070506@hp.com> <200605101002.31857.sgrubb@redhat.com>
In-Reply-To: <200605101002.31857.sgrubb@redhat.com>
To: Steve Grubb
Cc: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

On Wed, May 10, 2006 at 10:02:31AM -0400, Steve Grubb wrote:
> On Tuesday 09 May 2006 16:46, Linda Knippers wrote:
> > > The original patches by Dustin and Linda had used "new_iuid=501" to
> > > differentiate the values, which I personally think was fine since it's
> > > unlikely that people want to be searching for those.
> >
> > And if they do, they're easy to find with an ausearch | grep.
>
> This is at the wrong level. There may be people that are writing programs that
> want any ouid. I want to stop the proliferation of field names and follow a
> convention. Forget whether or not you think people will ever want the
> information. We need a convention and then to follow it.

Yes - but "new ouid" is also a different field name from "ouid", and
unnecessarily hard to parse, especially since there's currently no well
defined concept of name modifiers like "new".

> > > If you absolutely want to avoid adding new tag names, an alternative
> > > would be to get rid of the "new " modifiers, and use the "type=" name to
> > > differentiate them.
>
> I don't want a proliferation of type names either. I think we have a lot of
> them and should try to use existing ones where possible.

A list of existing record types would be useful. In this case, it's a
legitimate difference between "current object attributes" and "requested new
object attributes" sub-records that need to be distinct for the syscall
event, so using different types sounds appropriate.

-Klaus
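
The three naming options discussed in this message, run through a whitespace-splitting key=value parser. This is an added example, not code from the thread or from the audit project. The record layouts, the values and the `parse`/`owner_view` helpers are constructed for illustration, with the `IPC_SET_PERM` type name taken from the subject line.

```python
# Added illustration; record layouts and values below are constructed,
# not captured kernel audit output.

def parse(record):
    """Split on whitespace; return ({key: [values]}, [tokens without '='])."""
    fields, stray = {}, []
    for token in record.split():
        key, sep, value = token.partition("=")
        if sep:
            fields.setdefault(key, []).append(value)
        else:
            stray.append(token)  # e.g. a bare "new" modifier
    return fields, stray

HDR = "msg=audit(1147278542.000:42):"  # constructed timestamp and serial

# Option 1: "new " modifier in front of the existing field name.
MODIFIER = (f"type=IPC {HDR} ouid=500 ogid=500 mode=600 "
            "new ouid=501 new ogid=501 new mode=644")
# Option 2: distinct field names for the requested values.
UNDERSCORE = (f"type=IPC {HDR} ouid=500 ogid=500 mode=600 "
              "new_ouid=501 new_ogid=501 new_mode=644")
# Option 3: same field names, separate record type for the requested values.
TYPED = [f"type=IPC {HDR} ouid=500 ogid=500 mode=600",
         f"type=IPC_SET_PERM {HDR} ouid=501 ogid=501 mode=644"]

def owner_view(record):
    """What a consumer looking for the object owner gets from one record."""
    fields, stray = parse(record)
    return {"type": fields["type"][0],
            "ouid": fields.get("ouid", []),
            "new_ouid": fields.get("new_ouid", []),
            "stray": stray}

if __name__ == "__main__":
    for rec in [MODIFIER, UNDERSCORE, *TYPED]:
        print(owner_view(rec))
```

With the modifier form the parser reports two `ouid` values and three stray `new` tokens, so current and requested owner can only be told apart by position. The other two forms give one unambiguous `ouid` per record.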