[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [RFC][PATCH] (#2) Prelim in-kernel file system auditing support



On Tue, 25 Jan 2005 16:46:54 -0600, Serge Hallyn <serue us ibm com> wrote:
> On Tue, 2005-01-25 at 15:25 -0600, Timothy R. Chavez wrote:
> >  Any accesses on that inode,
> > in that namespace (presumably the only access we care about), by an
> > audited syscall will be noted and sent to userspace.  Isn't that
> > sufficient?
> 
> Not quite right:  Any access to that inode from any namespace.  Another
> namespace might simply mean that you have a different path to the inode.
> 

Alright, I see better now the concern.  But because the audit
information is associated with the inode via an administrator action,
it still remains true that any access to that inode will be caught,
from any namespace.  Correct?

I guess the assumption here is that the administrator knows that
he/she is in the right namespace when adding/removing watches so that
they tag the appropriate inodes.

> --
> Serge Hallyn <serue us ibm com>
> 
> 


-- 
- Timothy R. Chavez


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]