[PATCH] audit: file system auditing based on location and name
Michael C Thompson
mcthomps at us.ibm.com
Mon Jul 11 16:07:17 UTC 2005
> > Ultimately, the part where we differ most, is the processing of
information in
> > fs/dcache.c to give dynamic updates in response to file system activity
(such
> > as attaching audit information to an auditable file whose inode just
changed).
> > I believe this should be kept seperate and not part of this framework
nor Inotify.
> > It's a specific requirement for audit, but not for Inotify. This is
one of the places
> > the two systems are functionally different.
>
> I don't think it should be different. If inotify wants to just ignore
> this information, it can.
Doesn't this mentality bring with it the risk of bloating a framework that
should be as
"trim" as possible? A seperation of functionality, while it might not be a
large issue
between these two systems, brings with it the expectation that any other
systems
using this common framework to keep their specific requirements seperate,
not inflating, and therefore complicating, what could, and should, be a
lightweight
framework.
Mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20050711/906357b5/attachment.htm>
More information about the Linux-audit
mailing list