[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [RFC][PATCH] (#6 U1) the latest incarnation



On Fri, 2005-03-25 at 10:46 -0600, Timothy R. Chavez wrote:
> I've kind of struggled with this one and am was a bit reluctant to add it.  
> Perhaps my logic is right, bu there's a better placement.  The reason why the 
> hook was placed in __d_lookup() was to auto-update a hardlink with the 
> correct watch.  The only way a hardlink will generate audit records is if 
> it's inode is being watched and the only way the inode can be watched is if 
> one of it's dentry's is at a watch point.  So, take this scenario for example 
> -- this is how we should currently perform:

Are you also relying on the __d_lookup() hook to properly update/clear
i_audit->wentry fields for inodes already in the dcache for removed
watches (i.e. after an auditctl -W /tmp/foo, the subsequent
audit_attach_watch call by __d_lookup is what will reset the i_audit
field for /tmp/foo)? 

-- 
Stephen Smalley <sds tycho nsa gov>
National Security Agency


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]