On Fri, 2006-02-17 at 10:04 -0600, Dustin Kirkland wrote:
> On Fri, 2006-02-17 at 08:43 -0600, Darrel Goeddel wrote:
> > It would seem to me that we need the current functionality of keeping all rules
> > that are set up and revalidating them upon policy loads. If we don't do it here,
> > it would need to be done at the audit layer - it might not be as pretty there.
>
> I don't know... My first thoughts are that it seems like the audit
> layer should be ignorant of policy loads/reloads--that's not really its
> business.

Disagree - it is caching policy information, and thus should register a
callback for notification of reloads so that it can re-process its audit
rules at that time, similar to the netif table. That would presumably
address the locking concern as well.
--
Stephen Smalley
National Security Agency