Re: [RFC][PATCH] auditfs userspace

On Monday 07 March 2005 18:00, Timothy R. Chavez wrote: Shouldn't these defines come from the kernel header? diff -Nurp audit-0.6.5/src/auditctl.c audit-0.6.5-scratch/src/auditctl.c --- audit-0.6.5/src/auditctl.c 2005-03-03 10:11:00.000000000 -0600 +++ audit-0.6.5-scratch/src/auditctl.c 2005-03-07 15:56:19.000000000 -0600 @@ -49,6 +49,14 @@ */ #define LINE_SIZE 1600 +#define WATCH_MAY_EXEC 1 +#define WATCH_MAY_WRITE 2 +#define WATCH_MAY_READ 4 +#define WATCH_MAY_APPEND 8 + +#define WATCH_NAME 1 +#define WATCH_FILTERKEY 2 +#define WATCH_PERMS 3 Also, just a little design comment, do we really need to have an enable for fs auditing? Isn't there an implicit enabling by virtue of either having watches or not having them? Also, should there be a #ifdef CONFIG_AUDITFILESYSTEM? Shouldn't it be part of the audit system? The audit ipc patch, for example, didn't declare itself separately configurable. -Steve