Re: [RFC][PATCH 2/2] file system auditing (#6U3)
On Tue, 2005-04-05 at 23:30 +0100, David Woodhouse wrote:
This bit should probably have been included in the first patch. And
I
wonder if we could in fact do without it altogether -- do we really need
to grow the inode structure for this? Relatively few inodes will have
i_audit populated -- could we keep the audit_data in a hash table, and
just use a _flag_ in the inode to indicate that there are audit_data in
the hash table for this inode?
Wouldn't this require preallocation of the audit data, similar to what
was done in earlier versions of the auditfs patch, since
audit_attach_watch cannot perform blocking allocation and cannot
propagate errors upon allocation failures? Seems like it might
complicate the code and the locking.
--
Stephen Smalley <sds(a)tycho.nsa.gov>
National Security Agency