From mboxrd@z Thu Jan  1 00:00:00 1970
From: Matthew Booth <mbooth@redhat.com>
Subject: Re: Performance of libauparse
Date: Wed, 01 Oct 2008 17:08:44 +0100
Message-ID: <48E3A08C.2030501@redhat.com>
References: <48E22AC8.8010906@redhat.com> <48E27B7E.3050000@redhat.com>
	<1222866927.28251.115.camel@localhost.localdomain>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
In-Reply-To: <1222866927.28251.115.camel@localhost.localdomain>
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: Eric Paris <eparis@redhat.com>
Cc: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

Eric Paris wrote:
> On Tue, 2008-09-30 at 15:18 -0400, John Dennis wrote:
>> Eric likes to point out we can't change the 
>> kernel
> 
> Close, but not quite.  I say we can't change the kernel without complete
> backwards compatibility.  Show me the right solution and we can get
> there, we just can't throw away what's already there.

My other mail listed 6 ways in which audit *has already broken* 
userspace through non-backwards compatibility. That list came from a 
very quick search, and were only the changes which unarguably broke 
userspace. There are undoubtedly far more. If you look at those 6 
changes, each has been a genuine improvement but broke userspace 
nonetheless. The situation is still very messy, and this will continue 
to happen because the protocol has evolved organically rather than 
through deliberate design, and was not designed for extensibility.

The next time somebody suggests breaking userspace you could take the 
opportunity to implement a new protocol instead. The current protocol 
could be frozen, and the new protocol implemented in parallel. It seems 
to me that the biggest chunk of work to do this would be in the protocol 
design. As the same data will likely be output in the same places, most 
of the coding should be donkey work to change the format. As far as 
kernel infrastructure changes go, this wouldn't be a big one.

Matt
-- 
Matthew Booth, RHCA, RHCSS
Red Hat, Global Professional Services

M:       +44 (0)7977 267231
GPG ID:  D33C3490
GPG FPR: 3733 612D 2D05 5458 8A8A 1600 3441 EA19 D33C 3490