Hello,
Here is the patch that implements the filesystem auditing component of the
audit subsystem. For this list, attached as a file /w CHANGELOG. Patched
against linux-2.6.11.5 -- Please note, this is untested in SMP (sorry
Stephen, haven't had the time; will do tomorrow).

CHANGELOG
+ Changed naming convention (most notably, removed my initials)
  -> linux-2.6.11.5-auditfs-tc1-6-2.patch to linux-2.6.11.5-auditfs.6.2.patch
+ Unconditionally allocate inode->i_audit, initialize to NULL
  -> Hook (1) in inode_alloc() : audit_inode_alloc()
  -> Hook (1) in destroy_inode() : audit_inode_free()
+ Additional placement of audit_notify_watch() hooks
  -> Hook (2) open_namei() : catch on succ/fail paths
  -> Hook (1) vfs_create() : catch post create
  -> Hook (1) vfs_mkdir() : catch post mkdir
  -> Hook (1) vfs_mknod() : catch post mknod
  -> Hook (1) vfs_symlink(): catch post symlink
  -> Hook (1) vfs_link() : catch post link
  -> Hook (1) vfs_rename_dir : post rename
  -> Hook (1) vfs_rename_other : post rename
+ Modified placement of audit_attach_watch() hooks
  -> Hook (1) d_move() : catch post move to attach watch
+ Added support for audit_context.aux (but did not add IPC portion)
+ Shifted audit_notify_watch() back to kernel/auditsc.c
  -> Store accessed audit_watch information on audit_context.aux to dump at
     audit_log_exit(), rather than instant delivery to user space.
+ Changed audit_watch *req field of audit_receive_watch() to void *
+ Shifted sanity checking / copying of watch data from userspace back into
  audit_watch_insert() and audit_watch_remove()
+ Added AUDIT_WATCH_LST support
  -> Added to switch statement in audit_receive_msg(), audit_netlink_ok(),
     and audit_receive_watch()
+ Added audit_watch_to_string() to convert watch to string
+ Added audit_list_watches() to send watches on a given directory back to user
  space in the form of strings
+ Added AUDIT_WATCH_ERR support - generic channel to send messages about watch
  actions to userspace; convert audit_receive_watch() to use this
+ Moved placement of locked audit_fetch_watch of parent above write_lock on
  child to prevent deadlock if parent == child in audit_attach_watch. Have not
  tested code on SMP, however.
--
-tim