Re: [RFC][PATCH 1/3] CAPP-compliant file system auditing
On Thu, 2005-03-31 at 12:17 -0600, Timothy R. Chavez wrote:
I suspect there will be questions framed around specific parts of
this design
and I will address them as they come. However, please keep in mind that we
are not auditing based on content, but "name".
Or possibly location.
This is _not_ a general purpose file system auditing solution.
Ah, bad statement to make when seeking acceptance into a general purpose
operating system. Better to say that this is intended to complement the
existing support for auditing based on (device,inode) pair to fill a
specific gap, namely preservation of audit on particular locations
across transactions?
This patch was diffed against linux-2.6.11.5 and introduces the new
functionality to the kernel's audit subsystem.
Diffs against 2.6.11.5 might be fine for an RFC, but for real
submission, you need to be more bleeding edge, e.g. 2.6.12-rc1-mm4 or
whatever the latest one is. Especially as there are already audit-
related patches there.
--
Stephen Smalley <sds(a)tycho.nsa.gov>
National Security Agency