[PATCH] audit.h: remove the macro AUDIT_ARCH_ARMEB definition

[PATCH] audit.h: remove the macro AUDIT_ARCH_ARMEB definition

[roy.qing.li-Re5JQEeQqe8AvxtiuMwx3w]

From: Li RongQing <roy.qing.li-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>

After 2f9783669 [ARM: 7412/1: audit: use only AUDIT_ARCH_ARM regardless
of endianness], no kernel user uses this macro;

Keeping this macro, only makes the compiling old version audit [before 
changeset 931 Improve ARM and AARCH64 support] success, but the audit
program can not work with the kernel after 2f9783669 still,
since no syscall entry is enabled for AUDIT_ARCH_ARMEB in kernel.

so remove it to force to use the latest audit program

Signed-off-by: Li RongQing <roy.qing.li-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
---
other workaround is to define AUDIT_ARCH_ARMEB as AUDIT_ARCH_ARM,
but it seems very strange

 include/uapi/linux/audit.h | 1 -
 1 file changed, 1 deletion(-)

diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
index d3475e1..125aa49 100644
--- a/include/uapi/linux/audit.h
+++ b/include/uapi/linux/audit.h
@@ -351,7 +351,6 @@ enum {
 #define AUDIT_ARCH_AARCH64	(EM_AARCH64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
 #define AUDIT_ARCH_ALPHA	(EM_ALPHA|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
 #define AUDIT_ARCH_ARM		(EM_ARM|__AUDIT_ARCH_LE)
-#define AUDIT_ARCH_ARMEB	(EM_ARM)
 #define AUDIT_ARCH_CRIS		(EM_CRIS|__AUDIT_ARCH_LE)
 #define AUDIT_ARCH_FRV		(EM_FRV)
 #define AUDIT_ARCH_I386		(EM_386|__AUDIT_ARCH_LE)
-- 
2.1.0

Re: [PATCH] audit.h: remove the macro AUDIT_ARCH_ARMEB definition

[Paul Moore]

On Fri, Mar 20, 2015 at 12:55 AM,  <roy.qing.li-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> From: Li RongQing <roy.qing.li-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
>
> After 2f9783669 [ARM: 7412/1: audit: use only AUDIT_ARCH_ARM regardless
> of endianness], no kernel user uses this macro;
>
> Keeping this macro, only makes the compiling old version audit [before
> changeset 931 Improve ARM and AARCH64 support] success, but the audit
> program can not work with the kernel after 2f9783669 still,
> since no syscall entry is enabled for AUDIT_ARCH_ARMEB in kernel.
>
> so remove it to force to use the latest audit program
>
> Signed-off-by: Li RongQing <roy.qing.li-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
> ---
> other workaround is to define AUDIT_ARCH_ARMEB as AUDIT_ARCH_ARM,
> but it seems very strange
>
>  include/uapi/linux/audit.h | 1 -
>  1 file changed, 1 deletion(-)

Since this #define lives in the user visible headers I don't want to
remove it and risk causing a userspace breakage.  Leaving the #define
in the header, even if it is unused by modern userspace, is harmless.

> diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
> index d3475e1..125aa49 100644
> --- a/include/uapi/linux/audit.h
> +++ b/include/uapi/linux/audit.h
> @@ -351,7 +351,6 @@ enum {
>  #define AUDIT_ARCH_AARCH64     (EM_AARCH64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
>  #define AUDIT_ARCH_ALPHA       (EM_ALPHA|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
>  #define AUDIT_ARCH_ARM         (EM_ARM|__AUDIT_ARCH_LE)
> -#define AUDIT_ARCH_ARMEB       (EM_ARM)
>  #define AUDIT_ARCH_CRIS                (EM_CRIS|__AUDIT_ARCH_LE)
>  #define AUDIT_ARCH_FRV         (EM_FRV)
>  #define AUDIT_ARCH_I386                (EM_386|__AUDIT_ARCH_LE)
> --
> 2.1.0
>



-- 
paul moore
www.paul-moore.com

Re: [PATCH] audit.h: remove the macro AUDIT_ARCH_ARMEB definition

[Li RongQing]

On Fri, Mar 20, 2015 at 9:29 PM, Paul Moore <paul-r2n+y4ga6xFZroRs9YW3xA@public.gmane.org> wrote:
> On Fri, Mar 20, 2015 at 12:55 AM,  <roy.qing.li-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>> From: Li RongQing <roy.qing.li-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
>>
>> After 2f9783669 [ARM: 7412/1: audit: use only AUDIT_ARCH_ARM regardless
>> of endianness], no kernel user uses this macro;
>>
>> Keeping this macro, only makes the compiling old version audit [before
>> changeset 931 Improve ARM and AARCH64 support] success, but the audit
>> program can not work with the kernel after 2f9783669 still,
>> since no syscall entry is enabled for AUDIT_ARCH_ARMEB in kernel.
>>
>> so remove it to force to use the latest audit program
>>
>> Signed-off-by: Li RongQing <roy.qing.li-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
>> ---
>> other workaround is to define AUDIT_ARCH_ARMEB as AUDIT_ARCH_ARM,
>> but it seems very strange
>>
>>  include/uapi/linux/audit.h | 1 -
>>  1 file changed, 1 deletion(-)
>
> Since this #define lives in the user visible headers I don't want to
> remove it and risk causing a userspace breakage.  Leaving the #define
> in the header, even if it is unused by modern userspace, is harmless.
>
it is harm, when I compile the audit-2.3.2 for a arm machine, whose linux kernel
is 3.14; no compile error, but audit does not work;  since the audit is



>
>
> --
> paul moore
> www.paul-moore.com

Re: [PATCH] audit.h: remove the macro AUDIT_ARCH_ARMEB definition

[Li RongQing]

On Mon, Mar 23, 2015 at 8:51 AM, Li RongQing <roy.qing.li-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> On Fri, Mar 20, 2015 at 9:29 PM, Paul Moore <paul-r2n+y4ga6xFZroRs9YW3xA@public.gmane.org> wrote:
>> On Fri, Mar 20, 2015 at 12:55 AM,  <roy.qing.li-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>>> From: Li RongQing <roy.qing.li-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
>>>
>>> After 2f9783669 [ARM: 7412/1: audit: use only AUDIT_ARCH_ARM regardless
>>> of endianness], no kernel user uses this macro;
>>>
>>> Keeping this macro, only makes the compiling old version audit [before
>>> changeset 931 Improve ARM and AARCH64 support] success, but the audit
>>> program can not work with the kernel after 2f9783669 still,
>>> since no syscall entry is enabled for AUDIT_ARCH_ARMEB in kernel.
>>>
>>> so remove it to force to use the latest audit program
>>>
>>> Signed-off-by: Li RongQing <roy.qing.li-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
>>> ---
>>> other workaround is to define AUDIT_ARCH_ARMEB as AUDIT_ARCH_ARM,
>>> but it seems very strange
>>>
>>>  include/uapi/linux/audit.h | 1 -
>>>  1 file changed, 1 deletion(-)
>>
>> Since this #define lives in the user visible headers I don't want to
>> remove it and risk causing a userspace breakage.  Leaving the #define
>> in the header, even if it is


it is harm, when I compile the audit-2.3.2 for a arm machine, whose linux kernel
is 3.14; no compile error, but audit does not work;  spend one day debug to find
the root cause is  the audit used MACH_ARMEB, but kernel replaced MACH_ARMEB
 with MACH_ARM

 grep WITH_ARMEB ./lib/machinetab.h -A10
#ifdef WITH_ARMEB
_S(MACH_ARMEB,   "armeb"  )
_S(MACH_ARMEB,   "armv5tejl")
_S(MACH_ARMEB,   "armv5tel")
_S(MACH_ARMEB,   "armv6l")
_S(MACH_ARMEB,   "armv7l")
#endif

removal of MACH_ARMEB will let the user find this issue when compile, not
run.

-Roy

Re: [PATCH] audit.h: remove the macro AUDIT_ARCH_ARMEB definition

[Paul Moore]

On Sun, Mar 22, 2015 at 8:55 PM, Li RongQing <roy.qing.li-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> On Mon, Mar 23, 2015 at 8:51 AM, Li RongQing <roy.qing.li-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>> On Fri, Mar 20, 2015 at 9:29 PM, Paul Moore <paul-r2n+y4ga6xFZroRs9YW3xA@public.gmane.org> wrote:
>>> On Fri, Mar 20, 2015 at 12:55 AM,  <roy.qing.li-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>>>> From: Li RongQing <roy.qing.li-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
>>>>
>>>> After 2f9783669 [ARM: 7412/1: audit: use only AUDIT_ARCH_ARM regardless
>>>> of endianness], no kernel user uses this macro;
>>>>
>>>> Keeping this macro, only makes the compiling old version audit [before
>>>> changeset 931 Improve ARM and AARCH64 support] success, but the audit
>>>> program can not work with the kernel after 2f9783669 still,
>>>> since no syscall entry is enabled for AUDIT_ARCH_ARMEB in kernel.
>>>>
>>>> so remove it to force to use the latest audit program
>>>>
>>>> Signed-off-by: Li RongQing <roy.qing.li-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
>>>> ---
>>>> other workaround is to define AUDIT_ARCH_ARMEB as AUDIT_ARCH_ARM,
>>>> but it seems very strange
>>>>
>>>>  include/uapi/linux/audit.h | 1 -
>>>>  1 file changed, 1 deletion(-)
>>>
>>> Since this #define lives in the user visible headers I don't want to
>>> remove it and risk causing a userspace breakage.  Leaving the #define
>>> in the header, even if it is
>
>
> it is harm, when I compile the audit-2.3.2 for a arm machine, whose linux kernel
> is 3.14; no compile error, but audit does not work;  spend one day debug to find
> the root cause is  the audit used MACH_ARMEB, but kernel replaced MACH_ARMEB
>  with MACH_ARM
>
>  grep WITH_ARMEB ./lib/machinetab.h -A10
> #ifdef WITH_ARMEB
> _S(MACH_ARMEB,   "armeb"  )
> _S(MACH_ARMEB,   "armv5tejl")
> _S(MACH_ARMEB,   "armv5tel")
> _S(MACH_ARMEB,   "armv6l")
> _S(MACH_ARMEB,   "armv7l")
> #endif
>
> removal of MACH_ARMEB will let the user find this issue when compile, not
> run.

[NOTE: Adding the linux-arm folks to this thread just in case they are
interested.]

I'm not an ARM expert, but the kernel #define for AUDIT_ARCH_ARMEB
(below) seems reasonable to me based on the other audit machine
definitions.  There is clearly a mismatch between the kernel and the
audit userspace, but I wonder if the issue should be addressed in the
userspace tools.  Further, you mention kernel 3.14, what happens with
kernel 3.19 and the most recent audit userspace tools?

  > grep "AUDIT_ARCH_ARMEB" include/uapi/linux/audit.h
  #define AUDIT_ARCH_ARMEB        (EM_ARM)

-Paul

-- 
paul moore
www.paul-moore.com

[PATCH] audit.h: remove the macro AUDIT_ARCH_ARMEB definition

[Paul Moore]

On Sun, Mar 22, 2015 at 8:55 PM, Li RongQing <roy.qing.li@gmail.com> wrote:
> On Mon, Mar 23, 2015 at 8:51 AM, Li RongQing <roy.qing.li@gmail.com> wrote:
>> On Fri, Mar 20, 2015 at 9:29 PM, Paul Moore <paul@paul-moore.com> wrote:
>>> On Fri, Mar 20, 2015 at 12:55 AM,  <roy.qing.li@gmail.com> wrote:
>>>> From: Li RongQing <roy.qing.li@gmail.com>
>>>>
>>>> After 2f9783669 [ARM: 7412/1: audit: use only AUDIT_ARCH_ARM regardless
>>>> of endianness], no kernel user uses this macro;
>>>>
>>>> Keeping this macro, only makes the compiling old version audit [before
>>>> changeset 931 Improve ARM and AARCH64 support] success, but the audit
>>>> program can not work with the kernel after 2f9783669 still,
>>>> since no syscall entry is enabled for AUDIT_ARCH_ARMEB in kernel.
>>>>
>>>> so remove it to force to use the latest audit program
>>>>
>>>> Signed-off-by: Li RongQing <roy.qing.li@gmail.com>
>>>> ---
>>>> other workaround is to define AUDIT_ARCH_ARMEB as AUDIT_ARCH_ARM,
>>>> but it seems very strange
>>>>
>>>>  include/uapi/linux/audit.h | 1 -
>>>>  1 file changed, 1 deletion(-)
>>>
>>> Since this #define lives in the user visible headers I don't want to
>>> remove it and risk causing a userspace breakage.  Leaving the #define
>>> in the header, even if it is
>
>
> it is harm, when I compile the audit-2.3.2 for a arm machine, whose linux kernel
> is 3.14; no compile error, but audit does not work;  spend one day debug to find
> the root cause is  the audit used MACH_ARMEB, but kernel replaced MACH_ARMEB
>  with MACH_ARM
>
>  grep WITH_ARMEB ./lib/machinetab.h -A10
> #ifdef WITH_ARMEB
> _S(MACH_ARMEB,   "armeb"  )
> _S(MACH_ARMEB,   "armv5tejl")
> _S(MACH_ARMEB,   "armv5tel")
> _S(MACH_ARMEB,   "armv6l")
> _S(MACH_ARMEB,   "armv7l")
> #endif
>
> removal of MACH_ARMEB will let the user find this issue when compile, not
> run.

[NOTE: Adding the linux-arm folks to this thread just in case they are
interested.]

I'm not an ARM expert, but the kernel #define for AUDIT_ARCH_ARMEB
(below) seems reasonable to me based on the other audit machine
definitions.  There is clearly a mismatch between the kernel and the
audit userspace, but I wonder if the issue should be addressed in the
userspace tools.  Further, you mention kernel 3.14, what happens with
kernel 3.19 and the most recent audit userspace tools?

  > grep "AUDIT_ARCH_ARMEB" include/uapi/linux/audit.h
  #define AUDIT_ARCH_ARMEB        (EM_ARM)

-Paul

-- 
paul moore
www.paul-moore.com

Re: [PATCH] audit.h: remove the macro AUDIT_ARCH_ARMEB definition

[Li RongQing]

On Wed, Mar 25, 2015 at 5:16 AM, Paul Moore <paul-r2n+y4ga6xFZroRs9YW3xA@public.gmane.org> wrote:
> [NOTE: Adding the linux-arm folks to this thread just in case they are
> interested.]
>
> I'm not an ARM expert, but the kernel #define for AUDIT_ARCH_ARMEB
> (below) seems reasonable to me based on the other audit machine
> definitions.  There is clearly a mismatch between the kernel and the
> audit userspace, but I wonder if the issue should be addressed in the
> userspace tools.  Further, you mention kernel 3.14, what happens with
> kernel 3.19 and the most recent audit userspace tools?
>
>   > grep "AUDIT_ARCH_ARMEB" include/uapi/linux/audit.h
>   #define AUDIT_ARCH_ARMEB        (EM_ARM)


1.
if no the below commit, audit-2.3.2 is working;
but after the below commit, audit-2.3.2 is not working.

commit 2f978366984a418f38fcf44137be1fbc5a89cfd9
Author: Will Deacon <will.deacon-5wv7dgnIgG8@public.gmane.org>
Date:   Fri May 4 17:53:52 2012 +0100

    ARM: 7412/1: audit: use only AUDIT_ARCH_ARM regardless of endianness

    The machine endianness has no direct correspondence to the syscall ABI,
    so use only AUDIT_ARCH_ARM when identifying the ABI to the audit tools
    in userspace.

    Cc: stable-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
    Signed-off-by: Will Deacon <will.deacon-5wv7dgnIgG8@public.gmane.org>
    Signed-off-by: Russell King <rmk+kernel-lFZ/pmaqli7XmaaqVzeoHQ@public.gmane.org>

diff --git a/arch/arm/kernel/ptrace.c b/arch/arm/kernel/ptrace.c
index d8dbe9c..9650c14 100644
--- a/arch/arm/kernel/ptrace.c
+++ b/arch/arm/kernel/ptrace.c
@@ -906,12 +906,6 @@ long arch_ptrace(struct task_struct *child, long request,
        return ret;
 }

-#ifdef __ARMEB__
-#define AUDIT_ARCH_NR AUDIT_ARCH_ARMEB
-#else
-#define AUDIT_ARCH_NR AUDIT_ARCH_ARM
-#endif
-
 asmlinkage int syscall_trace(int why, struct pt_regs *regs, int scno)
 {
        unsigned long ip;
@@ -919,7 +913,7 @@ asmlinkage int syscall_trace(int why, struct
pt_regs *regs, int scno)
        if (why)
                audit_syscall_exit(regs);
        else
-               audit_syscall_entry(AUDIT_ARCH_NR, scno, regs->ARM_r0,
+               audit_syscall_entry(AUDIT_ARCH_ARM, scno, regs->ARM_r0,
                                    regs->ARM_r1, regs->ARM_r2, regs->ARM_r3);

        if (!test_thread_flag(TIF_SYSCALL_TRACE))


2.

The latest audit has the changeset of 931 [Improve ARM and AARCH64 support],
so audit can work again.


-Roy

[PATCH] audit.h: remove the macro AUDIT_ARCH_ARMEB definition

[Li RongQing]

On Wed, Mar 25, 2015 at 5:16 AM, Paul Moore <paul@paul-moore.com> wrote:
> [NOTE: Adding the linux-arm folks to this thread just in case they are
> interested.]
>
> I'm not an ARM expert, but the kernel #define for AUDIT_ARCH_ARMEB
> (below) seems reasonable to me based on the other audit machine
> definitions.  There is clearly a mismatch between the kernel and the
> audit userspace, but I wonder if the issue should be addressed in the
> userspace tools.  Further, you mention kernel 3.14, what happens with
> kernel 3.19 and the most recent audit userspace tools?
>
>   > grep "AUDIT_ARCH_ARMEB" include/uapi/linux/audit.h
>   #define AUDIT_ARCH_ARMEB        (EM_ARM)


1.
if no the below commit, audit-2.3.2 is working;
but after the below commit, audit-2.3.2 is not working.

commit 2f978366984a418f38fcf44137be1fbc5a89cfd9
Author: Will Deacon <will.deacon@arm.com>
Date:   Fri May 4 17:53:52 2012 +0100

    ARM: 7412/1: audit: use only AUDIT_ARCH_ARM regardless of endianness

    The machine endianness has no direct correspondence to the syscall ABI,
    so use only AUDIT_ARCH_ARM when identifying the ABI to the audit tools
    in userspace.

    Cc: stable at vger.kernel.org
    Signed-off-by: Will Deacon <will.deacon@arm.com>
    Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>

diff --git a/arch/arm/kernel/ptrace.c b/arch/arm/kernel/ptrace.c
index d8dbe9c..9650c14 100644
--- a/arch/arm/kernel/ptrace.c
+++ b/arch/arm/kernel/ptrace.c
@@ -906,12 +906,6 @@ long arch_ptrace(struct task_struct *child, long request,
        return ret;
 }

-#ifdef __ARMEB__
-#define AUDIT_ARCH_NR AUDIT_ARCH_ARMEB
-#else
-#define AUDIT_ARCH_NR AUDIT_ARCH_ARM
-#endif
-
 asmlinkage int syscall_trace(int why, struct pt_regs *regs, int scno)
 {
        unsigned long ip;
@@ -919,7 +913,7 @@ asmlinkage int syscall_trace(int why, struct
pt_regs *regs, int scno)
        if (why)
                audit_syscall_exit(regs);
        else
-               audit_syscall_entry(AUDIT_ARCH_NR, scno, regs->ARM_r0,
+               audit_syscall_entry(AUDIT_ARCH_ARM, scno, regs->ARM_r0,
                                    regs->ARM_r1, regs->ARM_r2, regs->ARM_r3);

        if (!test_thread_flag(TIF_SYSCALL_TRACE))


2.

The latest audit has the changeset of 931 [Improve ARM and AARCH64 support],
so audit can work again.


-Roy

Re: [PATCH] audit.h: remove the macro AUDIT_ARCH_ARMEB definition

[Li RongQing]

On Wed, Mar 25, 2015 at 8:01 AM, Li RongQing <roy.qing.li-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> On Wed, Mar 25, 2015 at 5:16 AM, Paul Moore <paul-r2n+y4ga6xFZroRs9YW3xA@public.gmane.org> wrote:
>> [NOTE: Adding the linux-arm folks to this thread just in case they are
>> interested.]
>>
>> I'm not an ARM expert, but the kernel #define for AUDIT_ARCH_ARMEB
>> (below) seems reasonable to me based on the other audit machine
>> definitions.  There is clearly a mismatch between the kernel and the
>> audit userspace, but I wonder if the issue should be addressed in the
>> userspace tools.  Further, you mention kernel 3.14, what happens with
>> kernel 3.19 and the most recent audit userspace tools?
>>
>>   > grep "AUDIT_ARCH_ARMEB" include/uapi/linux/audit.h
>>   #define AUDIT_ARCH_ARMEB        (EM_ARM)
>
>


ping...

-Roy

[PATCH] audit.h: remove the macro AUDIT_ARCH_ARMEB definition

[Li RongQing]

On Wed, Mar 25, 2015 at 8:01 AM, Li RongQing <roy.qing.li@gmail.com> wrote:
> On Wed, Mar 25, 2015 at 5:16 AM, Paul Moore <paul@paul-moore.com> wrote:
>> [NOTE: Adding the linux-arm folks to this thread just in case they are
>> interested.]
>>
>> I'm not an ARM expert, but the kernel #define for AUDIT_ARCH_ARMEB
>> (below) seems reasonable to me based on the other audit machine
>> definitions.  There is clearly a mismatch between the kernel and the
>> audit userspace, but I wonder if the issue should be addressed in the
>> userspace tools.  Further, you mention kernel 3.14, what happens with
>> kernel 3.19 and the most recent audit userspace tools?
>>
>>   > grep "AUDIT_ARCH_ARMEB" include/uapi/linux/audit.h
>>   #define AUDIT_ARCH_ARMEB        (EM_ARM)
>
>


ping...

-Roy

Re: [PATCH] audit.h: remove the macro AUDIT_ARCH_ARMEB definition

[Steve Grubb]

On Friday, March 20, 2015 09:29:14 AM Paul Moore wrote:
> On Fri, Mar 20, 2015 at 12:55 AM,  <roy.qing.li@gmail.com> wrote:
> > From: Li RongQing <roy.qing.li@gmail.com>
> > 
> > After 2f9783669 [ARM: 7412/1: audit: use only AUDIT_ARCH_ARM regardless
> > of endianness], no kernel user uses this macro;
> > 
> > Keeping this macro, only makes the compiling old version audit [before
> > changeset 931 Improve ARM and AARCH64 support] success, but the audit
> > program can not work with the kernel after 2f9783669 still,
> > since no syscall entry is enabled for AUDIT_ARCH_ARMEB in kernel.
> > 
> > so remove it to force to use the latest audit program
> > 
> > Signed-off-by: Li RongQing <roy.qing.li@gmail.com>
> > ---
> > other workaround is to define AUDIT_ARCH_ARMEB as AUDIT_ARCH_ARM,
> > but it seems very strange
> > 
> >  include/uapi/linux/audit.h | 1 -
> >  1 file changed, 1 deletion(-)
> 
> Since this #define lives in the user visible headers I don't want to
> remove it and risk causing a userspace breakage.  Leaving the #define
> in the header, even if it is unused by modern userspace, is harmless.

This macro doesn't appear to be in use by auditd.

-Steve

> > diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
> > index d3475e1..125aa49 100644
> > --- a/include/uapi/linux/audit.h
> > +++ b/include/uapi/linux/audit.h
> > @@ -351,7 +351,6 @@ enum {
> > 
> >  #define AUDIT_ARCH_AARCH64    
> >  (EM_AARCH64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) #define AUDIT_ARCH_ALPHA
> >        (EM_ALPHA|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) #define
> >  AUDIT_ARCH_ARM         (EM_ARM|__AUDIT_ARCH_LE)
> > 
> > -#define AUDIT_ARCH_ARMEB       (EM_ARM)
> > 
> >  #define AUDIT_ARCH_CRIS                (EM_CRIS|__AUDIT_ARCH_LE)
> >  #define AUDIT_ARCH_FRV         (EM_FRV)
> >  #define AUDIT_ARCH_I386                (EM_386|__AUDIT_ARCH_LE)
> > 
> > --
> > 2.1.0

Re: [PATCH] audit.h: remove the macro AUDIT_ARCH_ARMEB definition

[Li RongQing]

On Fri, Apr 3, 2015 at 8:42 PM, Steve Grubb <sgrubb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> wrote:
>> Since this #define lives in the user visible headers I don't want to
>> remove it and risk causing a userspace breakage.  Leaving the #define
>> in the header, even if it is unused by modern userspace, is harmless.
>
> This macro doesn't appear to be in use by auditd.


ping ...