On Mon, Oct 16, 2017 at 3:18 PM, Paul Moore <paul(a)paul-moore.com> wrote:
On Mon, Oct 16, 2017 at 3:10 PM, Paul Moore
<paul(a)paul-moore.com> wrote:
> On Thu, Oct 12, 2017 at 11:24 PM, Steve Grubb <sgrubb(a)redhat.com> wrote:
>> The audit subsystem allows selecting audit events based on watches for
>> a particular behavior like writing to a file. A lot of syscalls have
>> been added without updating the list. This patch adds 2 syscalls to the
>> write filters: fallocate and renameat2.
>>
>> Signed-off-by: sgrubb <sgrubb(a)redhat.com>
One more one more thing ;)
You are supposed to use your "Full Name" and not a username, see
Documentation/process/5.Posting.rst
for more information. I'm going to go ahead and substitute "Steve
Grubb" because that is how you are sending your emails, but please
correct this in the future; sign-off lines are very important.
>> ---
>> include/asm-generic/audit_dir_write.h | 4 ++++
>> include/asm-generic/audit_write.h | 3 +++
>> 2 files changed, 7 insertions(+)
>
> FWIW, I expect that this syscall list is almost always going to be out
> of date; it's just the way this feature is designed. That doesn't
> mean I'm not going to merge fixes, I just want to make sure
> expectations are set accordingly.
>
> Before I merge this Steve, can you explain why fallocate() should be
> on the write list? It doesn't actually write any user data to disk,
> it actually doesn't write anything, all it does is play with the
> amount of space allocated for the given fd on the storage device. I
> don't really care either way, this just struck me as odd and I want to
> make sure you have a good reason (hint: add it to the patch
> description).
Oh, one more thing; it's administrative and not tied to a particular
patch ... there is no need to add write "PATCH 1/1" when there is just
one patch, a simple "PATCH" is sufficient. The extra "1/1" just
adds
a bit of extra work as I need to clean it up before merging; it's not
a big deal, but if I still see you doing it a month from now I may
have to get a bit salty ;)
--
paul moore
www.paul-moore.com