From mboxrd@z Thu Jan 1 00:00:00 1970 From: Steve Grubb Subject: Re: [RFC PATCH ghak89 V1] audit: rename FILTER_TYPE to FILTER_EXCL Date: Fri, 01 Jun 2018 15:37:12 -0400 Message-ID: <3103310.DmySlM89QI@x2> References: <3cc638761823cf16ea71f1c58165832f4b469864.1527798085.git.rgb@redhat.com> <2854681.bEeL9C3IDq@x2> <20180601191215.a2ejmndztalpmpjk@madcap2.tricolour.ca> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <20180601191215.a2ejmndztalpmpjk@madcap2.tricolour.ca> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: Richard Guy Briggs Cc: Linux-Audit Mailing List List-Id: linux-audit@redhat.com On Friday, June 1, 2018 3:12:15 PM EDT Richard Guy Briggs wrote: > On 2018-06-01 15:03, Steve Grubb wrote: > > On Friday, June 1, 2018 1:58:34 PM EDT Richard Guy Briggs wrote: > > > On 2018-06-01 12:55, Steve Grubb wrote: > > > > On Thursday, May 31, 2018 6:21:20 PM EDT Richard Guy Briggs wrote: > > > > > On 2018-05-31 17:29, Steve Grubb wrote: > > > > > > On Thursday, May 31, 2018 4:23:09 PM EDT Richard Guy Briggs wrote: > > > > > > > The AUDIT_FILTER_TYPE name is vague and misleading due to not > > > > > > > describing > > > > > > > where or when the filter is applied and obsolete due to its > > > > > > > available > > > > > > > filter fields having been expanded. > > > > > > > > > > > > > > Userspace has already renamed it from AUDIT_FILTER_TYPE to > > > > > > > AUDIT_FILTER_EXCLUDE without checking if it already exists. > > > > > > > > > > > > Historically speaking, this is not why it is the way it is. But I > > > > > > think > > > > > > it > > > > > > doesn't mean that you cannot do something like this: > > > > > > > > > > > > #define AUDIT_FILTER_EXCLUDE AUDIT_FILTER_TYPE > > > > > > > > > > I was originally hoping to do that, but that then causes a build > > > > > error > > > > > on any previous version of audit userspace. > > > > > > > > I cannot reproduce this. What error did you get? What version of gcc? > > > > > > I didn't even try to compile it since I'd predicted that there would be > > > a symbol definition conflict. > > > > > > How did you not get a conflict with that definition also in the kernel > > > header? > > > > It's an identical definition. That's OK. Changes to a definition is last > > one wins - but you get a warning not an error. > > Do any distros compile with -Werror? Audit itself can't be compiled with -Werror as there are lots of warnings about using string functions with unsigned chars. However, libaudit.h is used in 20 or so packages and there is a chance one may have -Werror. But I think its unlikely based on a recent project which involved looking over static analysis results for a large chunk of the Fedora 27 repo. Out of 4730 source packages, 84 had no compiler warnings. So, I'd say its next to impossible for any distribution to make -Werror a blanket policy. -Steve