Re: [PATCH] audit: file system auditing based on location and name
On Thursday 07 July 2005 16:31, Arjan van de Ven wrote:
On Thu, 2005-07-07 at 15:48 -0400, Steve Grubb wrote:
> Tim's code lets you say I want change notification to this file only. The
> notification follows the audit format with all relavant pieces of information
> gathered at the time of the event and serialized with all other events.
well can't you sort of do that based on (selinux) security context of
the file already? after all that's part of the inode already. Isn't that
finegrained enough?
Provided you make it that far, yes, SE Linux _could_ be used to provide
similar functionality. But, what if you bottom out on a DAC decision?
[foo@liltux /]$ cat /etc/shadow
cat: /etc/shadow: Permission denied
-tim