From mboxrd@z Thu Jan 1 00:00:00 1970 From: Steve Grubb Subject: Re: [RFC][PATCH] audit: add feature audit_lost reset Date: Sat, 10 Dec 2016 15:40:25 -0500 Message-ID: <2846309.PeHxrRBX1K@x2> References: <4441ca24ceedf9aabe05e2bdaae213667ee59ef1.1480765170.git.rgb@redhat.com> <20161209070014.GE22660@madcap2.tricolour.ca> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: linux-audit@redhat.com Cc: Richard Guy Briggs List-Id: linux-audit@redhat.com On Friday, December 9, 2016 6:46:43 PM EST Paul Moore wrote: > > I would suggest that the return value (presuming it was reset when > > non-zero) or the audit record generated reporting the lost value > > reset would be sufficient confirmation that the feature exists on the > > running kernel and the addition to the feature bitmap is not strictly > > necessary, but you only find this out upon attempting that lost reset. > > > > Well, we haven't used much of that bitmap space and if it isn't to be > > used when needed, why is it there? If there is a relatively simple > > alternate non-destructive way to discover the presence of a feature use > > of the bitmap isn't necessary. > > My concern isn't the absolute consumption of the bitmap, but rather > the rate of the consumption. I'm not concerned much about it. There are very few more RFE's that are either in the pipeline or something I can think of that we need. -Steve