From: Adrian Bunk <bunk@stusta.de>
To: Steve Grubb <sgrubb@redhat.com>
Cc: David Woodhouse <dwmw2@infradead.org>,
linux-audit@redhat.com, linux-kernel@vger.kernel.org
Subject: Re: [2.6 patch] kernel/audit.c: change the exports to EXPORT_SYMBOL_GPL
Date: Mon, 30 Jul 2007 15:31:39 +0200 [thread overview]
Message-ID: <20070730133139.GR16817@stusta.de> (raw)
In-Reply-To: <200707300918.41408.sgrubb@redhat.com>
On Mon, Jul 30, 2007 at 09:18:41AM -0400, Steve Grubb wrote:
> On Sunday 29 July 2007 11:02:33 Adrian Bunk wrote:
> > They are still completely unused, but hopefully some of the theoretical
> > code that might use it will appear in the kernel in the near future...
> >
> > Signed-off-by: Adrian Bunk <bunk@stusta.de>
> > Acked-by: Steve Grubb <sgrubb@redhat.com>
>
> I am reluctant to say that I ack this patch for a couple reasons:
>
> 1) We are talking about a basic logging facility that should be open like
> printk() is.
>
> 2) There are no user space GPL restrictions to use the audit netlink API, so
> why restrict who can send audit events via the in-kernel interfaces? It just
> doesn't make sense to have 2 different licenses for in-kernel vs user space
> audit event recording. Its the same subsystem differing only by where the
> event originated.
It's a well-known fact that there are legal differences between calling
kernel services from userspace and kernel modules.
> 3) The API has been unrestricted for years. I don't think its a good idea to
> take a basic logging API away from people that have programmed to it.
If it's such a basic API, why isn't there a single user in the kernel?
> 4) In the absence of the in-kernel audit logging api, people will either
> create parallel infrastructure or resort to using printk. It will be
> difficult for end users to correlate security events from 2 different logs.
>
> I would support there being a mechanism for anyone who wants to reduce the
> number of exported symbols for their own kernels - I believe that is the
> basic problem here. But I think there are enough reasons to continue keeping
> this API open and unrestricted for anyone that wants it that way.
The Linux kernel does not offer a stable kernel API for external modules.
That's a well-known fact.
> -Steve
cu
Adrian
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
prev parent reply other threads:[~2007-07-30 13:32 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-07-29 15:02 [2.6 patch] kernel/audit.c: change the exports to EXPORT_SYMBOL_GPL Adrian Bunk
2007-07-29 18:40 ` Arjan van de Ven
2007-07-29 19:33 ` Marcus Meissner
2007-07-29 19:45 ` Arjan van de Ven
2007-07-29 20:26 ` Christoph Hellwig
2007-07-30 13:18 ` Steve Grubb
2007-07-30 13:31 ` Adrian Bunk [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070730133139.GR16817@stusta.de \
--to=bunk@stusta.de \
--cc=dwmw2@infradead.org \
--cc=linux-audit@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=sgrubb@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox