* audit 1.7.18 and auparse_feed_has_data
@ 2016-02-01 11:48 Lev Stipakov
2016-02-01 12:20 ` Steve Grubb
0 siblings, 1 reply; 2+ messages in thread
From: Lev Stipakov @ 2016-02-01 11:48 UTC (permalink / raw)
To: linux-audit
Hi,
I have a Debian 7.9 which includes libaudit-devel-1.7.18. That version
does not have auparse_feed_has_data(). Its implementation looks simple,
however it uses au_lo, which is declared as static in auparse.c and
therefore cannot be accessed outside of that file.
I took auparse_feed_has_data() usage from audisp-example.c
tv.tv_sec = 5;
tv.tv_usec = 0;
FD_ZERO(&read_mask);
FD_SET(0, &read_mask);
if (auparse_feed_has_data(au))
retval= select(1, &read_mask, NULL, NULL, &tv);
else
retval= select(1, &read_mask, NULL, NULL, NULL);
I noticed that old version of example plugin doesn't have
auparse_feed_has_data() or select() calls
(https://github.com/gdestuynder/audit-cef/blob/master/contrib/plugin/audisp-example.c#L104)
What is the purpose of select/auparse_feed_has_data? Is it some kind of
optimization or bug fix? Since I have to support Debian 7 and probably
have to stick to audit 1.7 headers, is it safe to use the "old way"?
-Lev
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: audit 1.7.18 and auparse_feed_has_data
2016-02-01 11:48 audit 1.7.18 and auparse_feed_has_data Lev Stipakov
@ 2016-02-01 12:20 ` Steve Grubb
0 siblings, 0 replies; 2+ messages in thread
From: Steve Grubb @ 2016-02-01 12:20 UTC (permalink / raw)
To: Lev Stipakov; +Cc: linux-audit
On Mon, 1 Feb 2016 13:48:42 +0200
Lev Stipakov <lstipakov@gmail.com> wrote:
> Hi,
>
> I have a Debian 7.9 which includes libaudit-devel-1.7.18. That
> version does not have auparse_feed_has_data(). Its implementation
> looks simple, however it uses au_lo, which is declared as static in
> auparse.c and therefore cannot be accessed outside of that file.
>
> I took auparse_feed_has_data() usage from audisp-example.c
>
> tv.tv_sec = 5;
> tv.tv_usec = 0;
> FD_ZERO(&read_mask);
> FD_SET(0, &read_mask);
> if (auparse_feed_has_data(au))
> retval= select(1, &read_mask, NULL, NULL, &tv);
> else
> retval= select(1, &read_mask, NULL, NULL, NULL);
>
> I noticed that old version of example plugin doesn't have
> auparse_feed_has_data() or select() calls
> (https://github.com/gdestuynder/audit-cef/blob/master/contrib/plugin/audisp-example.c#L104)
>
> What is the purpose of select/auparse_feed_has_data? Is it some kind
> of optimization or bug fix?
A little of both. See this thread for the background:
https://www.redhat.com/archives/linux-audit/2012-August/msg00025.html
> Since I have to support Debian 7 and
> probably have to stick to audit 1.7 headers, is it safe to use the
> "old way"?
>
> -Lev
>
> --
> Linux-audit mailing list
> Linux-audit@redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2016-02-01 12:20 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-02-01 11:48 audit 1.7.18 and auparse_feed_has_data Lev Stipakov
2016-02-01 12:20 ` Steve Grubb
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.