
Re: [RFC][PATCH] (#6 U1) the latest incarnation



On Fri, 2005-03-25 at 11:07 -0600, Timothy R. Chavez wrote:
> I'm not entirely sure we should hook mknod or symlink.  We're not making any 
> claims about the watchability of a device, or symlink with this code.  Do you 
> agree?

We are only talking about post hooks to generate audit messages via
audit_notify_watch() if the inode has previously been marked by
audit_attach_watch().  Given your other hooks, it should already be
possible to audit reads and writes to device nodes (since a watch should
be possible to attach using your existing hooks in
d_instantiate/d_splice_alias and notifications should be generated using
your hook in permission), so why not allow auditing of creates as well?
Given that udev makes /dev dynamic, it seems like watches might be
important there as well, eh?

-- 
Stephen Smalley <sds tycho nsa gov>
National Security Agency

