On Tue, 2013-07-09 at 14:30 -0400, Steve Grubb wrote: > > I can certainly shoehorn a 4 state interface into AUDIT_SET/GET. > > Does the new interface support more than 4 a state variable? Suppose > we need > to set a number value like 8192, will it do that?
No. The new interface is written to be on/off locked/unlock The get/set interface could be extended to allow for this. We'd have to grow the size of struct audit_status with a new __u32. Kernel space would have to 0 out the struct and overwrite it with what it got from userspace. Userspace would just have to ignore the additional info from a read... I agree, a version field is useful. -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit