vfs_full_audit annoyances on major version upgrades
Jeremy Allison
jra at samba.org
Mon Mar 29 20:07:11 UTC 2021
On Fri, Mar 26, 2021 at 08:38:04AM -0400, Andrew Walker via samba-technical wrote:
>I've noticed that several users (including one in the samba lists just now)
>got bitten by vfs_full_audit on major version upgrades. Due to VFS
>modernization, user's full_audit:success / failure configuration strings
>may be invalid post-upgrade. A concrete example is "full_audit:success =
>unlink". What makes this particularly painful is that full_audit will
>default to logging _everything_ if it encounters an unrecognized parameter.
>
>What do you think of doing something like the following:
>https://github.com/truenas/ports/blob/truenas/12.0-stable/net/samba/files/patch-source3__modules__vfs_full_audit.c
>
>Basically:
>1) expand table for vfs_op_names to include an "old" name to use for
>lookups as well (so that "unlink" logs "unlinkat")
>2) fail Tree Connect with a concrete error message printed at DBG_ERR if
>logging parameters are invalid.
I like this patch, although is one "old" name enough ?
Do you think we need an aliases list ?
The VFS is still undergoing churn at the moment as
we move to 100% (or as near as possible) handle-based
calls.
+1 on (2). That's a sensible default.
More information about the samba-technical
mailing list