On Sun, 2006-09-17 at 10:19 -0400, Steve Grubb wrote: > On Friday 08 September 2006 22:33, Eamon Walsh wrote: > > The attached patch adds a new function audit_log_user_avc_message_fmt > > that behaves just like audit_log_user_avc_message, but takes a format > > string and argument list instead of a fixed message string. > > Do you have examples of its use in real upstream code? I'm not opposed to > this, but I've been able to add audit messages all over the place without > duplicating the API with variadic functions.
Since we're already discussing changing the libselinux userspace avc API for logging, I guess just hold off on this patch for now. But here's the pitch: I think it's reasonable to expect that people are going to be calling the libaudit logging functions from within printf-style functions that take a format string and argument list. This is true of the current userspace avc logging callback, and the X server, where the logging functions look like ErrorF(fmt, ...). I think it's fairly common to have logging subsystems that behave like this. Currently, something like the following is required: va_list ap; char buf[MAX_AUDIT_MESSAGE_LENGTH]; va_start(ap, fmt); vsnprintf(buf, MAX_AUDIT_MESSAGE_LENGTH, fmt, ap); audit_log_user_avc_message(..., buf, ...); va_end(ap); Which could be reduced to (with the duplicate API): va_list ap; va_start(ap, fmt); audit_log_user_avc_message(..., fmt, ap, ...); va_end(ap); Which avoids the library call and doesn't care about the max_length constant. Not terribly much, but why not have a convenience function for it? -- Eamon Walsh <[EMAIL PROTECTED]> National Security Agency -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
