On Friday 25 March 2005 07:04 am, Stephen Smalley wrote:
Alternatively, you could just view "rename", "link", and "unlink" as
another form of write, so you could pass MAY_WRITE here.
I think we should keep it simple for the time being and go with this.
With regard to additional hook placement for audit_notify_watch, I think
you likely do want to mirror the security*_post* hooks for file creation
(create, mkdir, mknod, symlink), rename, and link with
audit_notify_watch calls to perform notifications of such events.
I'm not entirely sure we should hook mknod or symlink. We're not making any
claims about the watchability of a device or symlink with this code. Do you
agree?
-tim