On Thu, 2005-06-02 at 09:28 -0400, Steve Grubb wrote:
> I don't think this matters. If you set a rule, shouldn't it exist until
> deleted? Imagine the fun if iptables deleted rules when you take an
> interface down and up. Also, how do you apply rules to files before
> mounting a partition so there are no races?
>
> I would imagine that the file system auditing would hook mount, mkdir,
> open, & rename to see if a watch on the global list can be enabled.
> umount, rmdir, unlink, rename would keep the rule on the global list,
> but possibly disable it from triggering. This would follow the principle
> of least surprise.
What you suggest would require a complete redesign, and I don't see a
way of doing it that would have any chance of being acceptable
upstream.
--
dwmw2