public inbox for linux-audit@redhat.com
 help / color / mirror / Atom feed
* [RFC] Drop support for old audit rule API
@ 2009-02-27 15:15 Steve Grubb
  2009-07-28 18:34 ` Steve Grubb
  0 siblings, 1 reply; 2+ messages in thread
From: Steve Grubb @ 2009-02-27 15:15 UTC (permalink / raw)
  To: Linux Audit

Hi,

Another thought for the next major release is to drop support for the old 
audit rules API in libaudit. A long time ago, the function prototypes for:

extern int  audit_request_rules_list(int fd);
extern int  audit_add_rule(int fd, struct audit_rule *rule,
                                int flags, int action);
extern int  audit_delete_rule(int fd, struct audit_rule *rule,
                                int flags, int action);
extern int  audit_rule_syscall(struct audit_rule *rule, int scall);
extern int  audit_rule_syscallbyname(struct audit_rule *rule,
                                const char *scall);
extern int  audit_rule_fieldpair(struct audit_rule *rule, const char *pair,
                                int flags);
extern void audit_rule_free(struct audit_rule *rule);

Were moved to a private internal header. This was to encourage any external 
apps from using them, but if they had been previously compiled to know about 
the API, they would still be able to link and run.

As far as I know, auditctl & autrace are the only apps that would be affected. 
There very well may be some 3rd party apps I don't know about that this could 
impact. Hopefully they are on this list or moved their function calls when 
the prototype disappeared.

The proposal is to drop the above mentioned functions and bump the soname 
number so that anything linking against libaudit has to be recompiled to make 
sure they have no old function calls. At some point in the future, we can 
also remove the kernel's support for the old rule format.

Let's discuss....

-Steve

^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: [RFC] Drop support for old audit rule API
  2009-02-27 15:15 [RFC] Drop support for old audit rule API Steve Grubb
@ 2009-07-28 18:34 ` Steve Grubb
  0 siblings, 0 replies; 2+ messages in thread
From: Steve Grubb @ 2009-07-28 18:34 UTC (permalink / raw)
  To: linux-audit

Hi,

Another reminder. I have branched the audit svn to have a 1.8 series and the 
development trunk. The below proposal changed the API. So to be sure that any 
programs that could be impacted are found, I have bumped the soname number. 
This will require distributions to recompile everything linked to libaudit. 
So, this is the forward looking audit development and the 1.8 branch will 
still be supported with bugfixes for a while.

At the same time, I have cleaned out the header files in trunk so that a 2.6.29 
kernel or later is required. The development trunk in svn will become the 2.0 
release very soon.

-Steve

On Friday 27 February 2009 10:15:19 am Steve Grubb wrote:
> Another thought for the next major release is to drop support for the old
> audit rules API in libaudit. A long time ago, the function prototypes for:
>
> extern int  audit_request_rules_list(int fd);
> extern int  audit_add_rule(int fd, struct audit_rule *rule,
>                                 int flags, int action);
> extern int  audit_delete_rule(int fd, struct audit_rule *rule,
>                                 int flags, int action);
> extern int  audit_rule_syscall(struct audit_rule *rule, int scall);
> extern int  audit_rule_syscallbyname(struct audit_rule *rule,
>                                 const char *scall);
> extern int  audit_rule_fieldpair(struct audit_rule *rule, const char *pair,
>                                 int flags);
> extern void audit_rule_free(struct audit_rule *rule);
>
> Were moved to a private internal header. This was to encourage any external
> apps from using them, but if they had been previously compiled to know
> about the API, they would still be able to link and run.
>
> As far as I know, auditctl & autrace are the only apps that would be
> affected. There very well may be some 3rd party apps I don't know about
> that this could impact. Hopefully they are on this list or moved their
> function calls when the prototype disappeared.
>
> The proposal is to drop the above mentioned functions and bump the soname
> number so that anything linking against libaudit has to be recompiled to
> make sure they have no old function calls. At some point in the future, we
> can also remove the kernel's support for the old rule format.
>
> Let's discuss....
>
> -Steve
>
> --
> Linux-audit mailing list
> Linux-audit@redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2009-07-28 18:33 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-02-27 15:15 [RFC] Drop support for old audit rule API Steve Grubb
2009-07-28 18:34 ` Steve Grubb

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox