[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [RFC][PATCH] (#4) auditfs



On Thu, 24 Feb 2005 10:06:00 -0500, Stephen Smalley <sds tycho nsa gov> wrote:
> On Wed, 2005-02-23 at 17:26 -0600, Timothy R. Chavez wrote:
> > Ok, great.  I've removed the hooks.  I can also get away with taking
> > the hooks out of unlink right because I should be hitting permission()
> > in access(), before I do the unlink()?
> 
> Not sure what you mean by access() - do you mean permission()?
> 
> In any event, you still need a hook in vfs_unlink() if you want to catch
> the actual victim inode, as that isn't passed to any permission() call.

Right.  My mistake.  I was naively going off strace.  Thanks.

> 
> --
> Stephen Smalley <sds tycho nsa gov>
> National Security Agency
> 
> 


-- 
- Timothy R. Chavez


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]