Re: [RFC][PATCH] (#6 U1) the latest incarnation
On Thu, 2005-03-24 at 11:52 -0800, Chris Wright wrote:
> I suppose may_create() won't help you, as the child has a
negative
> dentry at that point so you have no inode. You will have an inode upon
> the subsequent d_instantiate, but can't tell that you are dealing with a
> "just created" inode versus an already existing one, so you won't
know
> that you need to notify of a create. So you are back to post-create
> style hooks for calling audit_notify_watch for file creations, right?
What was the problem with those, just hook proliferation?
I think that they are ok for notification (audit_notify_watch calls),
but they aren't safe for attaching watches (audit_attach_watch calls),
because the inode can be accessed via the dcache by another thread
before the post-create hooks run. Hence, he still wants to keep hooks
for attaching watches in places like d_instantiate, but the notification
hooks can occur later in the processing, like the dnotify hooks.
--
Stephen Smalley <sds(a)tycho.nsa.gov>
National Security Agency