On Wed, 1 Feb 2006, Mike Jakubik wrote: > Robert Watson wrote: >> >> On Wed, 1 Feb 2006, Kövesdán Gábor wrote: >> >>> Do you plan to merge it to RELENG_6? If so, when? Maybe for the upcoming >>> 6.1? Or only for 6.2 or later? >> >> It depends a bit how well this shakes out. The code is definitely still >> "experimental", in that the set of events audited is not yet complete. >> There are three general sorts of weaknesses in the set of events currently >> audited: >> With all this in mind, it is not yet ruled out that we could ship initial >> "experimental" audit support in 6.1-RELEASE. In fact, the timing is >> currently such that it will be possible, assuming all goes well, and >> allowing for the fact that it really will be an experimental feature and >> not production feature in 6.1. We were quite careful to merge the >> necessary ABI changes to RELENG_6 before the 6.0 release so that merging it >> would be possible without breaking existing 6.x device drivers. > > Personally, i would like to see less "experimental" code in 6.1. Perhaps it > would be better to wait until everyone feels the code is ready? Audit is a feature optionally compiled into the kernel -- the goal of providing it via RELENG_6, if we decide to go that way, would be to allow early adopters to compile in the option if they needed to use it. The main things standing between us and a merge to RELENG_6 is making sure that file formats are finalized, in order to prevent backward/forward incompatibilities being introduced. Without the code compiled into the kernel, the audit system is completely disabled, although the command line tools to process audit logs from audit-enabled systems will be present and will operate. I agree that caution is required -- on the other hand, audit is a feature that can be incrementally improved as time goes by as long as the basic framework (which has not changed significantly in several months) works properly. The main things remaining to be added are capturing of additional information, which will not change the basic file format. Even without the additional information captured, audit is still very useful. All that said -- we'll see where things sit in a couple of weeks, and as reports of more widespread use come in. Robert N M WatsonReceived on Wed Feb 01 2006 - 23:34:20 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:51 UTC