On Fri, 2012-02-17 at 10:42 -0200, Marcelo Cerri wrote: > I'd like to know if these fields should be treated the same way as escaped > fields by libauparse or maybe it should be changed in the kernel.
Users of the audit system may choose to use it however they like. Steve and I have agreed to disagree (or at least realized that we will never agree) on the use of 'audit_log_string'. As the audit kernel maintainer I will not ask AppArmor to change what they use and I will continue to request more users of the kernel audit system to use the *log_string functions instead of using %s. Given that, I think the only reasonable option is your patch, so thank you so much! -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
