Re: dev information for open, exec?



On Tue, 2005-02-22 at 09:54 -0800, Chris Wright wrote:
> The dev value is actually rdev.  So it's not bogus if you're accessing,
> for example, /dev/hda1.  Reasonable question whether that's both
> intentional and sufficient.  Given namespace possibilities, I assumed
> that dev/ino pair was dumped to uniquely identify the object.

Yes, this looks like a bug to me in the audit code, particularly as the
existing filter code lets you filter based on rdev and ino (whereas I'd
expect you would want to filter based on a specific object identified by
(dev,ino) pair).  Should path_lookup() be passing
nd->dentry->d_inode->i_sb->s_dev to audit_inode() instead?

-- 
Stephen Smalley <sds tycho nsa gov>
National Security Agency
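
Added example, not part of the original message and not the kernel audit code: a user-space C sketch of the dev versus rdev distinction discussed above, using stat(2). It assumes Linux, where st_rdev is 0 for regular files; the file names are constructed, and `get_id`, `same_object` and `dev_ino_identifies_object` are hypothetical helper names.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Identity of a filesystem object as user space sees it through stat(2). */
struct obj_id { dev_t dev; ino_t ino; dev_t rdev; };

static int get_id(const char *path, struct obj_id *id)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    id->dev = st.st_dev;   /* device holding the filesystem the inode lives on */
    id->ino = st.st_ino;   /* inode number, unique only within that filesystem */
    id->rdev = st.st_rdev; /* device a special file refers to (0 for regular files) */
    return 0;
}

/* Same object if and only if filesystem device and inode number both match. */
static int same_object(const struct obj_id *a, const struct obj_id *b)
{
    return a->dev == b->dev && a->ino == b->ino;
}

/* Creates a file, a hard link to it and an unrelated file in dir.
 * Returns 1 when (dev, ino) matches the link, rejects the unrelated file,
 * and rdev is 0 for all three; 0 otherwise; -1 on setup error. */
int dev_ino_identifies_object(const char *dir)
{
    char a[512], a_link[512], b[512];
    struct obj_id ia, il, ib;
    int fd, rc = -1;

    snprintf(a, sizeof a, "%s/demo_a.%ld", dir, (long)getpid());
    snprintf(a_link, sizeof a_link, "%s/demo_a_link.%ld", dir, (long)getpid());
    snprintf(b, sizeof b, "%s/demo_b.%ld", dir, (long)getpid());
    if ((fd = open(a, O_CREAT | O_EXCL | O_WRONLY, 0600)) >= 0) close(fd);
    if ((fd = open(b, O_CREAT | O_EXCL | O_WRONLY, 0600)) >= 0) close(fd);
    if (link(a, a_link) == 0 && get_id(a, &ia) == 0 &&
        get_id(a_link, &il) == 0 && get_id(b, &ib) == 0)
        rc = same_object(&ia, &il) && !same_object(&ia, &ib) &&
             ia.rdev == 0 && il.rdev == 0 && ib.rdev == 0;
    unlink(a); unlink(a_link); unlink(b);
    return rc;
}

int main(void) { printf("%d\n", dev_ino_identifies_object("/tmp")); return 0; }
```

Two paths to the same inode compare equal on (st_dev, st_ino), while st_rdev is 0 for every regular file and so says nothing about which filesystem an inode number belongs to.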

