Re: [RFC][PATCH] (#4) auditfs
On Thu, 24 Feb 2005 10:06:00 -0500, Stephen Smalley <sds(a)tycho.nsa.gov> wrote:
On Wed, 2005-02-23 at 17:26 -0600, Timothy R. Chavez wrote:
> Ok, great. I've removed the hooks. I can also get away with taking
> the hooks out of unlink right because I should be hitting permission()
> in access(), before I do the unlink()?
Not sure what you mean by access() - do you mean permission()?
In any event, you still need a hook in vfs_unlink() if you want to catch
the actual victim inode, as that isn't passed to any permission() call.
Right. My mistake. I was naively going off strace. Thanks.
--
Stephen Smalley <sds(a)tycho.nsa.gov>
National Security Agency
--
- Timothy R. Chavez