On Wed, Feb 18, 2015 at 5:32 PM, Richard Guy Briggs <[email protected]> wrote:
> On 15/02/18, Paul Moore wrote:
>> I would imagine a scenario where we introduced the new format in stages:
>>
>> #1 - Move in-kernel audit record string generation completely into
>> kernel/audit*.c. Benefits everyone regardless of the audit format.
>
> Ok.
>
>> #2 - Introduce a versioned audit API. The most difficult step for
>> obvious reasons.
>
> That infrastructure should already be in place. We just converted over
> the version field to a bitfield listing the availability of features.
> An initial call can be made to find out if it is supported, then use the
> feature switching bitfield to enable it. We could alternately make a
> different unicast socket available signalling its availability.

Some of the most basic parts of a versioned API are present, but there
are *big* chunks missing.

>> #3 - Deprecate the old/existing audit record format, make it a Kconfig
>> option that defaults to off and emit a warning when the old formatting
>> is used. This will be a year, and most likely more, after step #2.
>>
>> #4 - Remove the old/existing audit record code. Once again, this
>> would happen a couple of years after step #3.
>
> I suspect in practice steps #3 and #4 could take a lot longer.

You may be right, I consider the times above as minimums. However,
I'm not completely shutting the door on moving things along sooner; I
don't think we have a ton of users. We'll find out.

--
paul moore
www.paul-moore.com

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
