Re: [PATCH] audit: file system auditing based on location and name

From: Greg KH
Date: Wed Jul 06 2005 - 15:06:36 EST

Next message: Linus Torvalds: "Re: Linux 2.6.13-rc2: PCMCIA problem on AMD64"
Previous message: Piszcz, Justin: "RE: OOPS: frequent crashes with bttv in 2.6.X series (inc. 2.6.12)"
In reply to: Timothy R. Chavez: "[PATCH] audit: file system auditing based on location and name"
Next in thread: Timothy R. Chavez: "Re: [PATCH] audit: file system auditing based on location and name"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Jul 06, 2005 at 11:54:41AM -0500, Timothy R. Chavez wrote:
> To implement this feature we rely on the concepts of a "watch" and
> "watch list". Directories hold lists of "watches" (ie: "watch lists")
> that describe auditable file names one level beneath them. If a file
> holds a pointer into a "watch list" it is auditable. When accessed by
> a system call, information about the inode and its "watches" is added
> to the audit context of the current task (an inode may have multiple
> "watches" if a hard link to a "watched" file is itself being "watched")
> which is sent to user space upon system call exit.

This sounds almost identical to inotify. Is there some way you could
use that instead? If not, you should explain why in your patch
introduction.

thanks,

greg k-h
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Linus Torvalds: "Re: Linux 2.6.13-rc2: PCMCIA problem on AMD64"
Previous message: Piszcz, Justin: "RE: OOPS: frequent crashes with bttv in 2.6.X series (inc. 2.6.12)"
In reply to: Timothy R. Chavez: "[PATCH] audit: file system auditing based on location and name"
Next in thread: Timothy R. Chavez: "Re: [PATCH] audit: file system auditing based on location and name"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]