Re: ABI guarantee for auditd

public inbox for linux-audit@redhat.com
 help / color / mirror / Atom feed

From: Steve Grubb <sgrubb@redhat.com>
To: linux-audit@redhat.com
Subject: Re: ABI guarantee for auditd
Date: Thu, 15 Jan 2015 15:44:15 -0500	[thread overview]
Message-ID: <9201597.kpTtueEqur@x2> (raw)
In-Reply-To: <3fbf5caa9cacbccadda7623eabadbc05@thefroid.net>

On Thursday, January 15, 2015 12:24:38 PM hsultan@thefroid.net wrote:
> Regarding auditd, what is the ABI guarantee ? Do you guarantee that the
> text contained in audit_reply->msg.data will always be the same format ?
> I imagine you reserve the right to add fields, but how about removing
> any or even reordering them ?

Its happens on occasion. Requirements change, bugs are found, new features 
asked for.

> Or are people simply required to use auparse to guarantee they get
> records properly ?

Nobody is _required_ to do anything. :-)  But, if there are changes, auparse 
will definitely be updated because its used for a lot of purposes. I haven't 
found a problem yet that it couldn't handle. There are also plans to give it 
more capabilities later in the spring.

The intention of the auparse library is that anyone wanting to write an 
analytical application can use it to get something working without having to 
become an audit expert. You don't have to worry about where to lookup 
information to translate the fields from numbers to human readable form.

> Also, regarding 'unofficial' ABI compatibility, when has the
> audit_reply->msg.data format changed last ? Say these past 3-4 years,
> were there any changes in the format or could I use a faster, but
> specifically focused parser on the msgs when detecting older releases at
> least ?

The format of some events does change on occasion. Usually its after a problem 
is identified.

-Steve

next prev parent reply	other threads:[~2015-01-15 20:44 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-01-15 20:24 ABI guarantee for auditd hsultan
2015-01-15 20:44 ` Steve Grubb [this message]
2015-01-15 22:34   ` hsultan
2015-01-15 22:59     ` Steve Grubb
2015-01-16  2:20       ` hsultan
2015-01-16  4:45         ` Hassan Sultan
2015-01-16 13:48         ` Steve Grubb
2015-01-16 21:34           ` hsultan

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=9201597.kpTtueEqur@x2 \
    --to=sgrubb@redhat.com \
    --cc=linux-audit@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox