Re: [audit] Upstream solution for auditing file system objects

[Robert Love]

On Fri, 2004-12-10 at 04:38 +0000, Timothy Chavez wrote:

> Right, but we like inotify and want to see it succeed :-)!  We also
> want an upstream solution, so playing nicely is essential.

Awesome. ;)

I'm not adverse to doing the auditing in a generic hook mechanism, at
all, assuming that LSM hooks and the other options are not the preferred
and optimal solution.

> > So my position would be that I am all for moving the inotify hooks to
> > generic file change hooks, but that needs to be done either once inotify
> > is in the kernel proper or as a separate project.  Then inotify can be
> > one consumer of the hooks and auditing another.
> 
> It's a reasonable compromise and it'll have to be considered and discussed.

I've actually been thinking of doing this anyhow, because we currently
have both dnotify and inotify hooks in the filesystem code.  But one
thing at a time.

	Robert Love


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/