Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add 'file.attributes' #611

Merged
merged 3 commits into from
Dec 9, 2019
Merged

Add 'file.attributes' #611

merged 3 commits into from
Dec 9, 2019

Conversation

webmat
Copy link
Contributor

@webmat webmat commented Nov 15, 2019

No description provided.

@webmat webmat self-assigned this Nov 15, 2019
@webmat
Copy link
Contributor Author

webmat commented Nov 15, 2019

@rw-access @andrewstucki @paulewing This field would remove the need for wildcards on file attributes.

@webmat
Copy link
Contributor Author

webmat commented Nov 22, 2019

Currently file.mode is a field that only makes sense in posix environments. With a bit more work (not currently reflected in the def), we could map that posix bit field to a predictable set of values for file.attributes. E.g. world-read, world-write, world-executable, group-read, etc.

I think file.attributes would be a better way to capture the attributes of a file, independent of platform.

@webmat
Copy link
Contributor Author

webmat commented Dec 9, 2019

Ok, I don't want to over-complicate this, so I think I'll merge as is.

Let's leave out the Posix mapping of the octal attributes for now, as this could lead to more questions, such as exact naming, and additional selinux/apparmor attributes. But this is definitely something we should dig into later.

I'll open the follow-up issue and merge this one.

@webmat webmat mentioned this pull request Dec 9, 2019
Open
@webmat
Copy link
Contributor Author

webmat commented Dec 9, 2019

Issue opened #685

@webmat webmat merged commit 6767d34 into elastic:master Dec 9, 2019
dcode pushed a commit to dcode/ecs that referenced this pull request Apr 15, 2020
@dcode
Add 'file.attributes' (elastic#611)
7f1d2db
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rw-access rw-access rw-access approved these changes

Assignees

@webmat webmat

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@webmat @rw-access