From mboxrd@z Thu Jan 1 00:00:00 1970
From: Richard Guy Briggs
Subject: Re: [PATCH] audit: use audit_log_task_info in audit_core_dumps and __audit_seccomp
Date: Tue, 14 Jan 2014 14:07:26 -0500
Message-ID: <20140114190726.GE23577@madcap2.tricolour.ca>
References: <1389668195-25196-1-git-send-email-eparis@redhat.com> <1840642.Kpxqik9TDB@x2>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
In-Reply-To: <1840642.Kpxqik9TDB@x2>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: Steve Grubb
Cc: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

On 14/01/14, Steve Grubb wrote:
> On Monday, January 13, 2014 09:56:35 PM Eric Paris wrote:
> > It seems that reusing the task info pattern throughout records should
> > allow for faster simpler more streamlined userspace records parsing, but
> > changing order like this might be a deal breaker.
>
> Have you tried using the ausearch test suite? I published it so that it can be
> found out what all these patches will do to the stability of user space. I'd
> delete your logs, reboot into test kernel, generate as many kind of events as
> possible, then extract the logs and test with the test suite.

Do you have a script of rules and a script of commands to accomplish the
"generate as many kind of events as possible"?

> -Steve

- RGB

--
Richard Guy Briggs
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545