On Tue, 16 Jul 2019, Paul Moore wrote: > The subj_X approach is still backwards compatible, the difference is > that old versions of the tools get a "?" for the LSM creds which is a > rather sane way of indicating something is different.
This will still break existing userspace, right? We can't do that. > Once again, I believe that the subj_X approach is going to be faster > than safely parsing the multiplexed format. What about emitting one audit record for each LSM? -- James Morris <[email protected]> -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
