
Re: [RFC][PATCH] (#6 U1) the latest incarnation



On Friday 25 March 2005 12:16 pm, Stephen Smalley wrote:
> On Fri, 2005-03-25 at 10:46 -0600, Timothy R. Chavez wrote:
> > I've kind of struggled with this one and was a bit reluctant to add
> > it. Perhaps my logic is right, but there's a better placement.  The reason
> > why the hook was placed in __d_lookup() was to auto-update a hardlink
> > with the correct watch.  The only way a hardlink will generate audit
> > records is if its inode is being watched and the only way the inode can
> > be watched is if one of its dentries is at a watch point.  So, take this
> > scenario for example -- this is how we should currently perform:
>
> Are you also relying on the __d_lookup() hook to properly update/clear
> i_audit->wentry fields for inodes already in the dcache for removed
> watches (i.e. after an auditctl -W /tmp/foo, the subsequent
> audit_attach_watch call by __d_lookup is what will reset the i_audit
> field for /tmp/foo)?

Yes, that is correct.  So it is also used to clear out any references to an 
unhashed wentry.  So when we look for a wentry and we get NULL back, we first 
put back our reference to the unhashed wentry (and provided all other 
references are dropped, put our memory back into the cache) and 
audit_wentry_get(NULL).

-tim

