Re: patch update to ~51



On Thu, 2005-06-02 at 09:28 -0400, Steve Grubb wrote:
> I don't think this matters. If you set a rule, shouldn't it exist until 
> deleted? Imagine the fun if iptables deleted rules when you take an interface 
> down and up. Also, how do you apply rules to files before mounting a 
> partition so there are no races?
>
> I would imagine that the file system auditing would hook mount, mkdir, open, & 
> rename to see if a watch on the global list can be enabled. umount, rmdir, 
> unlink, rename would keep the rule on the global list, but possibly disable 
> it from triggering. This would follow the principle of least surprise.
> 
What you suggest would require a complete redesign, and I don't see a
way of doing it that would have any chance of being acceptable
upstream. 

-- 
dwmw2

