[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [RFC][PATCH] (#2) Prelim in-kernel file system auditing support



On Tue, 2005-01-25 at 15:44 -0600, Timothy R. Chavez wrote:
> On Tue, 25 Jan 2005 16:46:54 -0600, Serge Hallyn <serue us ibm com> wrote:
> > On Tue, 2005-01-25 at 15:25 -0600, Timothy R. Chavez wrote:
> > >  Any accesses on that inode,
> > > in that namespace (presumably the only access we care about), by an
> > > audited syscall will be noted and sent to userspace.  Isn't that
> > > sufficient?
> > 
> > Not quite right:  Any access to that inode from any namespace.  Another
> > namespace might simply mean that you have a different path to the inode.
> > 
> 
> Alright, I see better now the concern.  But because the audit
> information is associated with the inode via an administrator action,
> it still remains true that any access to that inode will be caught,
> from any namespace.  Correct?

Exactly.

> I guess the assumption here is that the administrator knows that
> he/she is in the right namespace when adding/removing watches so that
> they tag the appropriate inodes.

Exactly.

-- 
Serge Hallyn <serue us ibm com>


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]