Re: [RFC][PATCH 0/3][REVISED] CAPP-compliant file system auditing
On Thu, 2005-03-31 at 16:46 -0600, Timothy R. Chavez wrote:
.:: Introduction ::.
I'd drop the titles. Just eats up space to no advantage.
The audit subsystem is currently incapable of auditing a file system
object
based on its location and name. This is critical for auditing well-defined
and security-relevant files such as /etc/shadow, where auditing on inode and
device is fallible. This patch adds the necessary functionality to the audit
subsystem and VFS to support file system auditing in which an object is
audited based on its location and name.
This is much better. Now, I think it is still ok (and likely good) to
mention that this work is being done in order to meet CAPP requirements.
Just add a sentence at the end of this paragraph that notes this fact.
The second patch consists of file system hooks. I anticipate some
discussion
with regards to them and wanted to provide some context around their
placements and purpose.
The last sentence sounds a little odd; it isn't clear that you are
providing that context in the third message/2nd patch.
BTW, I think I saw some discussion on lkml earlier that suggested that
the whole [0/n] style of submissions was viewed as a nuisance for real
submission, although it may be appropriate for RFC, because it
ultimately means that Andrew has to manually insert the introductory
text into the patches so that it isn't lost when they are merged.
--
Stephen Smalley <sds(a)tycho.nsa.gov>
National Security Agency