[RFC][PATCH] (#2) Prelim in-kernel file system auditing support

Stephen Smalley sds at epoch.ncsc.mil
Thu Jan 27 13:59:14 UTC 2005


On Tue, 2005-01-25 at 01:22, Timothy R. Chavez wrote:
> Once again, thank you to Serge, Chris, and David for all the insight. 
> Here's the latest patch incorporating many of the changes you all
> suggested.  There are still some things missing and not fully tested
> (for instance, the locking).
> 
> TODO:
> 
> * Make filesystem auditing enabled/disabled at runtime
> * Re-add comments with proper DocBook formatting
> * Remove Makefile changes
> * Move struct audit_file to a slab cache
> 
> Am I forgetting something? (Soooo tired ;-))
> 
> I'd appreciate any and all comments / feedback.  Thank you.

Very minor nit:  Define a static inline for audit_inode_alloc() and use
it in alloc_inode(), and eliminate the #ifdef's there (and in
destroy_inode).  You can just define them to the empty function in your
header file if the config option isn't set.  Also, static inlines are
preferred to macros because they apply type checking even when the
option is disabled.  Documentation/SubmittingPatches, Section 2.

-- 
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency




More information about the Linux-audit mailing list