Re: [RFC][PATCH 2/2] file system auditing (#6U3)
On Mon, 2005-04-04 at 10:38 -0500, Timothy R. Chavez wrote:
diff -Nurp linux-2.6.11.5/include/linux/fs.h
linux-2.6.11.5~auditfs/include/linux/fs.h
--- linux-2.6.11.5/include/linux/fs.h 2005-03-19 00:34:53.000000000 -0600
+++ linux-2.6.11.5~auditfs/include/linux/fs.h 2005-03-31 11:38:03.000000000 -0600
@@ -477,6 +477,7 @@ struct inode {
unsigned int i_flags;
atomic_t i_writecount;
+ struct audit_data *i_audit;
void *i_security;
union {
void *generic_ip;
This bit should probably have been included in the first patch. And I
wonder if we could in fact do without it altogether -- do we really need
to grow the inode structure for this? Relatively few inodes will have
i_audit populated -- could we keep the audit_data in a hash table, and
just use a _flag_ in the inode to indicate that there are audit_data in
the hash table for this inode?
I believe that there is already an implementation of such a hash table
floating around, because it was once suggested for the i_security field.
Serge, do you have one?
--
dwmw2