On Tuesday, May 30, 2017 2:19:09 PM EDT Frederick House wrote: > Does anyone know the specific changes to libaudit v1 that warranted a major > version upgrade to v2 (i.e., libaudit.so.0 -> libaudit.so.1)? I'd like to > understand the major differences without having to diff the source code of > audit-1.8 and audit.2.0!
>From the old 2.0 changelog: - Removed old syscall rules API - not needed since 2.6.16 - Remove all use of the old rule structs from API - Removed ancient defines that are part of kernel 2.6.29 headers - Bump soname number for libaudit - In auditctl, deprecate the entry filter and move rules to exit filter - Remove support for the legacy negate syscall rule operator The main thing was we had to remove hidden function calls that were using an old API that had been deprecated. Specifically this was audit_add_rule() and audit_delete_rule(). They in turn used a deprecated kernel API. The way that it played out was that we made the new API in the kernel. User space used both for a while and then user space started only using the new API. The old API was hidden so that new programs had to use the new API but anything compiled against the old API would continue working for a while. After a couple of years we were pretty sure nothing was using the old kernel API and its code could be removed. The first step was removing the last bits of support from user space and then a year or two later move it out of the kernel. This happened way back in 2009. -Steve > -----Original Message----- > From: [email protected] [mailto:[email protected]] > On Behalf Of [email protected] Sent: Tuesday, May 30, 2017 > 13:43 PM > To: Frederick House <[email protected]> > Subject: Welcome to the "Linux-audit" mailing list > > Welcome to the [email protected] mailing list! > > To post to this list, send your email to: > > [email protected] > > General information about the mailing list is at: > > https://www.redhat.com/mailman/listinfo/linux-audit > > If you ever want to unsubscribe or change your options (eg, switch to or > from digest mode, change your password, etc.), visit your subscription page > at: > > > https://www.redhat.com/mailman/options/linux-audit/fred.house%40mandiant.co > m > > > You can also make such adjustments via email by sending a message to: > > [email protected] > > with the word `help' in the subject or body (don't include the quotes), and > you will get back a message with instructions. > > You must know your password to change your options (including changing the > password, itself) or to unsubscribe. It is: > > TKOSlU3vUH0qJCXgZ6Jd > > Normally, Mailman will remind you of your redhat.com mailing list passwords > once every month, although you can disable this if you prefer. This > reminder will also include instructions on how to unsubscribe or change > your account options. There is also a button on your options page that > will email your current password to you. > > This email and any attachments thereto may contain private, confidential, > and/or privileged material for the sole use of the intended recipient. Any > review, copying, or distribution of this email (or any attachments thereto) > by others is strictly prohibited. If you are not the intended recipient, > please contact the sender immediately and permanently delete the original > and any copies of this email and any attachments thereto. > > -- > Linux-audit mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/linux-audit -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
