Re: [RFC][PATCH] (#2) Prelim in-kernel file system auditing support
* Serge Hallyn (serue(a)us.ibm.com) wrote:
But you're looking up the parent of the file. So if you call
audit_insert_watch("/.autofsck"); then nd will be the nameidata for
'/'.
You're going to check that the parent is not '/', whereas before you
were checking that the file is not '/'. Clearly you want the latter.
That's not to say the strcmp(path, "/') will be acceptable upstream,
though.
No, it's not. It also doesn't mean much. Think "///", or
"../../../".
These are user strings. If it's an issue, better compare against
something sane like resolved internal data structure.
thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net