[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [RFC][PATCH] (#6 U1) the latest incarnation



On Fri, 2005-03-25 at 08:04 -0500, Stephen Smalley wrote:
> With regard to additional hook placement for audit_notify_watch, I think
> you likely do want to mirror the security*_post* hooks for file creation
> (create, mkdir, mknod, symlink), rename, and link with
> audit_notify_watch calls to perform notifications of such events.  Then
> you keep audit_attach_watch calls in the dcache routines to manage the
> i_audit fields and avoid races.  However, I think you need to check
> whether you truly need all of the current hook placements in the dcache
> routines or whether some of them are duplicative on the same code path,
> e.g. do you need both __d_lookup and d_instantiate/d_splice_alias
> hooked?

I don't see what the __d_lookup hook buys you, can you explain?  The
d_instantiate and d_splice_alias hooks ensure that you attach watches to
inodes when they are looked up or created before they can be accessed by
another thread via the dcache (since you call the hook before releasing
the dcache lock).  What do you need the __d_lookup hook for?

-- 
Stephen Smalley <sds tycho nsa gov>
National Security Agency


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]