Re: [RFC][PATCH] (#6 U1) the latest incarnation
On Fri, 2005-03-25 at 10:46 -0600, Timothy R. Chavez wrote:
I've kind of struggled with this one and am was a bit reluctant
to add it.
Perhaps my logic is right, bu there's a better placement. The reason why the
hook was placed in __d_lookup() was to auto-update a hardlink with the
correct watch. The only way a hardlink will generate audit records is if
it's inode is being watched and the only way the inode can be watched is if
one of it's dentry's is at a watch point. So, take this scenario for example
-- this is how we should currently perform:
Are you also relying on the __d_lookup() hook to properly update/clear
i_audit->wentry fields for inodes already in the dcache for removed
watches (i.e. after an auditctl -W /tmp/foo, the subsequent
audit_attach_watch call by __d_lookup is what will reset the i_audit
field for /tmp/foo)?
--
Stephen Smalley <sds(a)tycho.nsa.gov>
National Security Agency