Re: [PATCH v4 3/4] fanotify,audit: Allow audit to use the full permission event response

From: Steve Grubb
Date: Wed Sep 07 2022 - 16:11:57 EST


On Wednesday, September 7, 2022 2:43:54 PM EDT Richard Guy Briggs wrote:
> > > Ultimately I guess I'll leave it upto audit subsystem what it wants to
> > > have in its struct fanotify_response_info_audit_rule because for
> > > fanotify subsystem, it is just an opaque blob it is passing.
> >
> > In that case, let's stick with leveraging the type/len fields in the
> > fanotify_response_info_header struct, that should give us all the
> > flexibility we need.
> >
> > Richard and Steve, it sounds like Steve is already aware of additional
> > information that he wants to send via the
> > fanotify_response_info_audit_rule struct, please include that in the
> > next revision of this patchset. I don't want to get this merged and
> > then soon after have to hack in additional info.
>
> Steve, please define the type and name of this additional field.

Maybe extra_data, app_data, or extra_info. Something generic that can be
reused by any application. Default to 0 if not present.

Thanks,
-Steve