Hi Jan,

So I see there's a bunch of work under the audit project on the OpenSolaris website...

Main complaint: you've stuck with the old acronyms rather than chosen words. i.e. how does anyone draw any meaning from "preselection/naflags lo"? what is "na"? and why isn't "lo" actually "login"?

After looking at audit_control(4), I thought "this could be friendlier" and I think that design could be friendlier too :) But maybe that's something for a future project...

Looking at the web page, the namespace used by auditd.xml seems to imply that it could be possible for the internal schema to collide with a plugin. Wouldn't it be better to have a dedicated space in the XML schema that was reserved for plugins? And that SUNW,binfile and SUNW,syslog shouldn't be in auditd.xml but rather delivered as separate entities that slot into the correct place in the XML schema?

A simple example of what I mean is why shouldn't it be plugin/SUNW,binfile and plugin/SUNW,syslog?

This should allow developers to define a plugin schema that a plugin can import in its .xml file. It also properly confines the scope of what parts of the auditd schema the plugin is allowed to "load into". At present it looks like a plugin would deliver a .xml file that could redefine policy/flags because it needs to deliver an XML document that matches the schema for auditd.xml.

Taking syslog & binfile out of auditd.xml and into separate XML documents should also require you to address the real plugin problem: how does auditd "discover" its plugins and whether or not to use them?

Darren