Re: [RFC][PATCH] (#4) auditfs
On Thu, 2005-02-24 at 12:13 -0600, Timothy R. Chavez wrote:
I'd like to start getting feedback on linux-fsdevel with a CC
directly
to Al Viro about the design itself. What do you all think of this
approach? Or perhaps I should bring it directly to LKML? Should I
wait until the intermediary patch #5 is completed and tested before I
start any dialog? I personally think overlapping the two would be
fine. The reason I think this is because the first major stumbling
block has nothing to do with the implementation itself, but the design
and all the philosophy and politics surrounding it. As soon as I
mention "filesystem auditing" I've noticed that people get antsy and
immediately try to beat it down like a pianta made out of software
patents J/K. Thus I feel a large part of this endeveour is going to
revolve around explanation. Do you agree? I'd appreciate some
feedback.
I think taking it to linux-fsdevel soon is a good idea, but not before
you have code that you can show to demonstrate concretely what you are
trying to achieve, i.e. I'd wait until you have a fixed up version of
your patch. And you'll need a clear description of what your real goals
are, e.g. what events do we truly need to be able to enable object
identity-based auditing for? Seems to be some confusion on this point,
e.g. the discussion on read/write vs. open, unlink hook, etc.
--
Stephen Smalley <sds(a)tycho.nsa.gov>
National Security Agency