On Fri, 2005-03-25 at 08:04 -0500, Stephen Smalley wrote:
> With regard to additional hook placement for audit_notify_watch, I think
> you likely do want to mirror the security*_post* hooks for file creation
> (create, mkdir, mknod, symlink), rename, and link with
> audit_notify_watch calls to perform notifications of such events. Then
> you keep audit_attach_watch calls in the dcache routines to manage the
> i_audit fields and avoid races. However, I think you need to check
> whether you truly need all of the current hook placements in the dcache
> routines or whether some of them are duplicative on the same code path,
> e.g. do you need both __d_lookup and d_instantiate/d_splice_alias
> hooked?

I don't see what the __d_lookup hook buys you, can you explain? The
d_instantiate and d_splice_alias hooks ensure that you attach watches to
inodes when they are looked up or created before they can be accessed by
another thread via the dcache (since you call the hook before releasing
the dcache lock). What do you need the __d_lookup hook for?
--
Stephen Smalley <sds(a)tycho.nsa.gov>
National Security Agency