Re: [RFC][PATCH 2/2] file system auditing (#6U3)
On Tuesday 05 April 2005 05:30 pm, David Woodhouse wrote:
On Mon, 2005-04-04 at 10:38 -0500, Timothy R. Chavez wrote:
> diff -Nurp linux-2.6.11.5/include/linux/fs.h
> linux-2.6.11.5~auditfs/include/linux/fs.h ---
> linux-2.6.11.5/include/linux/fs.h 2005-03-19 00:34:53.000000000 -0600
> +++ linux-2.6.11.5~auditfs/include/linux/fs.h 2005-03-31
> 11:38:03.000000000 -0600 @@ -477,6 +477,7 @@ struct inode {
> unsigned int i_flags;
>
> atomic_t i_writecount;
> + struct audit_data *i_audit;
> void *i_security;
> union {
> void *generic_ip;
Aye, you're right.
This bit should probably have been included in the first patch. And I
wonder if we could in fact do without it altogether -- do we really need
to grow the inode structure for this? Relatively few inodes will have
i_audit populated -- could we keep the audit_data in a hash table, and
just use a _flag_ in the inode to indicate that there are audit_data in
the hash table for this inode?
Haha. Your timing is impeccable :)
-tim
I believe that there is already an implementation of such a hash table
floating around, because it was once suggested for the i_security field.
Serge, do you have one?