Skip to content

Replace usage of libaudit function removed in v3.0.7 #8401

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
directionless merged 1 commit into from
Dec 17, 2024
Merged

Replace usage of libaudit function removed in v3.0.7 #8401

directionless merged 1 commit into from
Dec 17, 2024

Conversation

@carlsmedstad
Copy link
Contributor

@carlsmedstad carlsmedstad commented Aug 10, 2024

Hey 👋

The function audit_rule_syscall_data is since linux-audit/audit-userspace@24fa18c not part of libaudit's interface.

For context I'm currently in the process of updating the Arch Linux package for osquery and will attempt to upstream as many of the required patches as possible. The complete WIP patchset can be found in this branch: https://github.com/carlsmedstad/osquery/tree/build-on-archlinux

Cheers!

@carlsmedstad carlsmedstad requested review from a team as code owners August 10, 2024 14:02
directionless
directionless reviewed Sep 2, 2024
View reviewed changes
Copy link
Member

@directionless directionless left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not super familiar with how libaudit works -- I know osquery is (mostly), static but any chance this change extends into the whatever the underlying auditd system is?

@carlsmedstad
Replace usage of libaudit function removed in v3.0.7
9772b02 
The function audit_rule_syscall_data is since
24fa18cfea484b0e58ab02e71b9cc0bea87f6b00 [0] not part of libaudit's
interface.

[0]: linux-audit/audit-userspace@24fa18c
@carlsmedstad carlsmedstad force-pushed the removed-libaudit-function branch from 0e9b480 to 9772b02 Compare November 15, 2024 17:05
directionless
directionless approved these changes Dec 17, 2024
View reviewed changes
Copy link
Member

@directionless directionless left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We talked about this in office hours today, and we think it's reasonable!

@directionless directionless merged commit 3820afd into osquery:master Dec 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@directionless directionless directionless approved these changes

Assignees

No one assigned

Labels

build Linux

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@carlsmedstad @directionless @Smjert