Re: [2.6.16-rc6-m1 PATCH] Connector: Filesystem Events Connector try 2

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Andrew Morton wrote:
Yi Yang <[email protected]> wrote:
This new patch is update for last patch, it removes spinlock and
makes include/linux/fsnotify.h more clean when CONFIG_FS_EVENTS=n,
it also reformats some too long lines so that they are less than 80
columns.

This patch implements a new connector, Filesystem Event Connector,
 the user can monitor filesystem activities via it, currently, it
 can monitor access, attribute change, open, create, modify, delete,
 move and close of any file or directory.

Every filesystem event will include tgid, uid and gid of the process
which triggered this event, process name, file or directory name operated by it.

That would seem to have some privacy implications...

I'd expect that all the info which is needed can be obtained via syscall
auditing.
Yes, but if enabling syscall audit, all the syscalls will be audited, so every syscall will add overhead, moreover , it will not only send log to klog or system log, but also it will send netlink message.

Filesystem events connector is very simple functionally, it just focuses on filesystem activities. Process Events
Connector(cn_proc) is a very typical case.
I don't recall having seen demand for this feature before.  For what reason
is it needed?  What is the application?
Anti-virus software can use this feature to monitor malign software's activities, foe example, modify system configuration or critical share libraries. Some system administration applications can use to obtain filesystem
activities of every user in order to diagnose some system troubles.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux