Re: [PATCH 17/21] audit: Use timespec64 to represent audit timestamps

From: Paul Moore
Date: Wed Jun 15 2016 - 17:23:29 EST


On Thu, Jun 9, 2016 at 7:59 PM, Richard Guy Briggs <rgb@xxxxxxxxxx> wrote:
> On 16/06/09, Steve Grubb wrote:
>> On Wednesday, June 08, 2016 10:05:01 PM Deepa Dinamani wrote:
>> > struct timespec is not y2038 safe.
>> > Audit timestamps are recorded in string format into
>> > an audit buffer for a given context.
>> > These mark the entry timestamps for the syscalls.
>> > Use y2038 safe struct timespec64 to represent the times.
>> > The log strings can handle this transition as strings can
>> > hold upto 1024 characters.
>>
>> Have you tested this with ausearch or any audit utilities? As an aside, a time
>> stamp that is up to 1024 characters long is terribly wasteful considering how
>> many events we get.
>
> Steve,
>
> I don't expect the size of the time stamp text to change since the
> format isn't being changed and I don't expect the date stamp text length
> to change until Y10K, but you never know what will happen in 8
> millenia... (Who knows, maybe that damn Linux server in my basement
> will still be running then...)

Yeah, I'm not really worried about the string date field growing; this
is more an internal implementation detail to make sure we can keep the
lights on in a few decades from now.

Deepa, I'm not going to merge your patchset because I'm guessing all
your timespec64 patches will likely go in at once, but you are free to
add my ack if you need to respin.

Acked-by: Paul Moore <paul@xxxxxxxxxxxxxx>

--
paul moore
www.paul-moore.com