Re: [PATCH] audit: file system auditing based on location and name

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Jul 06, 2005 at 09:33:05PM -0400, Steve Grubb wrote:
> On Wednesday 06 July 2005 19:50, Greg KH wrote:
> > As inotify works off of open file descriptors, yes, this is true. ?But,
> > again, if you think this is really important, then why not just work
> > with inotify to provide that kind of support to it?
> 
> http://marc.theaimsgroup.com/?l=linux-kernel&m=110265021327578&w=2
> 
> I think Tim was told not to dig into inotify.

That was over 6 months ago.  Things change :)

> A lot of effort has been put into testing the code Tim has presented
> with review from several kernel developers (listed in the cc). They
> too should step up and give their opinion on this.

Sure, be glad to listen to them.

> I want to believe questions were asked about this last December when we were 
> starting into this effort. I think the conclusion from the inotify people was 
> for us to proceed and then when we know what we really want, we can refactor 
> should anything be in common.

I fail to see any refactoring here, why not make your patch rely on
theirs?

> > I suggest you work together with the inotify developers to hash out your
> > differences, as it sounds like you are duplicating a lot of the same
> > functionality.
> 
> Maybe yes and no. Now that the fs audit code is out, I think we can spot 
> commonality. The only common piece that I can think of is just the hook.

That's a good place to start.

> The whole rest of it is different. I hope the inotify people comment
> on this to see if there is indeed something that should be refactored.

I realize your userspace access is different, yet I do not believe yet
that it should be this way.

> > Do you have any documetation or example userspace code that shows how to
> > use this auditfs interface you have created?
> 
> people.redhat.com/sgrubb/audit

No documentation on the auditfs interface :(

> The audit package is currently distributed in Fedora Core 4. The code to use 
> Tim's fs audit code is in the user space app, but is waiting for the kernel 
> pieces.

So the userspace package in FC4 will not use auditfs?

thanks,

greg k-h
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]
  Powered by Linux