Hello,
First, a note on previous discussion:
So I was just fixing a bug and I took a look at why I wasn't
generating a record for both "etc" and "passwd" if they were both
being watched and I issued a "cat /etc/passwd".
When I took a look, I saw that permission() isn't called on "etc", but
instead exec_permission_lite() is. Once I hooked this function, I got
the expected audit records for both "etc" and "passwd".
I will release patch #3 most likely tomorrow, which addresses comments,
bugs, etc. on patch #2. I've yet to talk to Chris about the possible
bug he sees in d_move(), but hope to resolve that soon and have any
needed changes in patch #4.
Patch #4 will mostly introduce new features (and include any bug
fixes, comments, nits on patch #3). Primarily the ability to
enable/disable the filesystem auditing dynamically (from userspace),
attaching a permissions bitmask to watch points, and a revision on the
audit_data preallocation mechanism. I also hope to be able to release
a userspace patch to auditctl so that the code can be functionally
tested by people other than myself.
Thanks all!