On Tuesday 04 March 2008 17:21:05 Eric Paris wrote:
> > > > Of these, A0-4 is probably from the execve patch. I have no idea what
> > > > the status of this patch is and if it's upstream. I've not seen the
> > > > records so this would be something very new.
> > >
> > > execve could always turn A0-infinity into hex.
> >
> > That's with a capital A0? Lower case a0 is numeric data in the syscalls
> > and might be a name collision.
>
> hmm, no execve uses lowercase a0-infinity. I'll look for
> capitalization. But it doesn't appear to be the new execve at first
> glance.

This would be an interesting problem. If you move those to capital A0-infinity it avoids a definite name collision with syscall fields. I think under the hood the library is case sensitive, but the search fields are case insensitive. So, I think it would get the interpretation right. I don't think anything is looking at these records right now, so I think we can make the change without much worry. Any other opinions?

-Steve

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
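
The collision discussed in this thread, as an added example that is not part of the original messages and is not the audit library's own parsing code. The two record lines are constructed samples, and `parse`, `merge_flat` and `interpret` are hypothetical helper names; the sketch assumes a consumer that merges all records of one event into a single case-sensitive field map.

```python
import re

# Constructed sample: two records of one event (same timestamp:serial).
# SYSCALL a0-a3 are hex register values; EXECVE a0.. are argv strings,
# either quoted or hex-encoded when they contain spaces.
SAMPLE = [
    'type=SYSCALL msg=audit(1204669265.123:42): arch=c000003e syscall=59 '
    'success=yes exit=0 a0=7f3a10 a1=7f3b20 a2=7f3c30 a3=0 items=2 pid=3120',
    'type=EXECVE msg=audit(1204669265.123:42): argc=2 a0="cat" '
    'a1=2F746D702F6120622E747874',
]

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
ARG = re.compile(r'a\d+')

def parse(line):
    """Return (record_type, [(name, raw_value), ...]) for one record line."""
    head, _, body = line.partition("): ")
    return FIELD.match(head).group(2), FIELD.findall(body)

def merge_flat(lines, rename_execve=False):
    """Merge an event's records into one dict keyed by bare field name.

    With rename_execve=True, EXECVE aN is stored as AN (the renaming
    proposed in the thread) so it cannot overwrite SYSCALL aN.
    """
    event = {}
    for line in lines:
        rtype, fields = parse(line)
        for name, raw in fields:
            if rename_execve and rtype == "EXECVE" and ARG.fullmatch(name):
                name = name.upper()
            event[name] = raw  # later records silently overwrite earlier ones
    return event

def interpret(name, raw):
    """Case-sensitive interpretation: aN is numeric, AN is a string."""
    if re.fullmatch(r'a\d+', name):      # syscall argument, hex number
        return int(raw, 16)
    if re.fullmatch(r'A\d+', name):      # execve argument, quoted or hex-encoded
        if raw.startswith('"'):
            return raw[1:-1]
        return bytes.fromhex(raw).decode("utf-8", "replace")
    return raw

if __name__ == "__main__":
    print(merge_flat(SAMPLE))                      # a0/a1 from EXECVE, a2/a3 from SYSCALL
    print(merge_flat(SAMPLE, rename_execve=True))  # both sets preserved
```

Without the renaming, the merged event ends up with `a0` and `a1` taken from EXECVE and `a2` and `a3` from SYSCALL, which is the mixed interpretation the capitalization is meant to avoid.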
