Re: [PATCH ghak10 v5 1/2] audit: Add functions to log time adjustments
From: Paul Moore
Date: Sat Sep 22 2018 - 16:52:21 EST
On Fri, Sep 21, 2018 at 7:21 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote:
> On Mon, Sep 17, 2018 at 4:51 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
> > On Mon, Sep 17, 2018 at 8:38 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote:
> > > On Fri, Sep 14, 2018 at 5:19 AM Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
> > > > On Fri, Aug 24, 2018 at 8:00 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote:
...
> > Okay, with that in mind, perhaps when recording the offset values we
> > omit the "old" values (arguably that doesn't make much sense here) and
> > keep the sec/nsec split:
> >
> > type=TIME_CHANGE [...]: offset_sec=<X> offset_nsec=<Y>
> >
> > ... and for all others we stick with:
> >
> > type=TIME_CHANGE [...]: ntp_<VAR>=<NEWVAL> old=<OLD_VAL>
>
> Alright, that format would work. However, I would still like to have a
> separate type for the offset injection, since it has a different field
> structure and semantics (difference vs. new+old). I don't see any
> reason to sacrifice the distinction for just one record type slot
> (AFAIK we technically still have about 2 billion left...).
>
> (Maybe you just duplicated the record type by mistake, in that case
> please disregard the last sentence.)
A reasonable guess on the typo, but no, that was intentional :)
As described above, there is no set field ordering for the TIME_CHANGE
record, just like there is no set field ordering for the
CONFIG_CHANGE record. Why? We only include the state variables that
are being changed instead of including all of the available state
variables. Yes, historically there are the "new" and "old" fields,
but I don't see that as a strong convention; the special "old=" field
name helps prevent confusion.
Yes, we aren't really at risk of running out of record types, but why
do we *need* two types here? I don't believe the ordering/structure
argument is significant in this particular case, and I would much
rather see all the time related state changes included in one
TIME_CHANGE record.
--
paul moore
www.paul-moore.com
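The two field layouts discussed in the thread, seen from the log-consuming side, as an added example that is not part of the patch series or of any kernel or audit-userspace code: a small parser that reads audit-style key=value records and works out what each TIME_CHANGE record reports from the fields present rather than from their position, which is the property Paul relies on when he says the record has no set field ordering. The sample lines are constructed; the header fields (msg=, pid=, auid=) are an assumption about what the "[...]" in the quoted format stands for and are not taken from the page.

```python
import re

# Constructed sample records in the two TIME_CHANGE field layouts proposed in
# the thread. The msg=/pid=/auid= header fields are an assumption (not from the
# page); the third line deliberately puts old= before the ntp_ field to show
# that ordering does not matter to the parser.
SAMPLE_LOG = """\
type=TIME_CHANGE msg=audit(1537633941.123:42): pid=1234 auid=1000 offset_sec=-3 offset_nsec=500000000
type=TIME_CHANGE msg=audit(1537633941.456:43): pid=1234 auid=1000 ntp_offset=1000 old=0
type=TIME_CHANGE msg=audit(1537633942.001:44): pid=1234 auid=1000 old=1 ntp_status=0
type=CONFIG_CHANGE msg=audit(1537633942.002:45): pid=1234 auid=1000 op=set audit_enabled=1 old=0
"""

# key=value pairs; values are either a double-quoted string or a run of non-space
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_record(line):
    """Split one audit record line into a dict of key=value fields."""
    return {key: value.strip('"') for key, value in FIELD_RE.findall(line)}


def classify_time_change(fields):
    """Describe what a TIME_CHANGE record reports, independent of field order.

    Returns ("offset", sec, nsec) for an offset injection record,
    ("ntp", var, new, old) for a single NTP state-variable change, or None
    for other record types or a TIME_CHANGE carrying neither layout.
    """
    if fields.get("type") != "TIME_CHANGE":
        return None
    # Offset injection: a difference, no old= value (the layout in the thread)
    if "offset_sec" in fields or "offset_nsec" in fields:
        return ("offset",
                int(fields.get("offset_sec", "0")),
                int(fields.get("offset_nsec", "0")))
    # Variable change: exactly one ntp_<VAR>=<NEW> plus old=<OLD>
    ntp_vars = [k for k in fields if k.startswith("ntp_")]
    if len(ntp_vars) == 1 and "old" in fields:
        var = ntp_vars[0]
        return ("ntp", var[len("ntp_"):], fields[var], fields["old"])
    return None


def summarize(log_text):
    """Return one summary string per TIME_CHANGE record in log_text."""
    out = []
    for line in log_text.splitlines():
        info = classify_time_change(parse_record(line))
        if info is None:
            continue  # not a TIME_CHANGE record (e.g. CONFIG_CHANGE)
        if info[0] == "offset":
            out.append(f"clock offset injected: {info[1]}s {info[2]}ns")
        else:
            out.append(f"ntp {info[1]}: {info[3]} -> {info[2]}")
    return out


if __name__ == "__main__":
    for summary in summarize(SAMPLE_LOG):
        print(summary)
```

Because the layout is recognised from the fields themselves, one record type serves both cases without ambiguity: the offset form carries offset_sec/offset_nsec and no old=, while the variable form carries exactly one ntp_ field with an old= value, so a consumer never has to know which position a field sits in.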