[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: what's in the works



On Monday 28 March 2005 15:34, Timothy R. Chavez wrote:
> What good would dumping the watch information be if you don't know where
> the watch trully is in the filesystem?  

So that you can delete it or see what is supposed to be in-kernel.

> Shouldn't that also be important? 

Yes and no. The reason you dump the list is to confirm that watches were 
loaded, or to jog your memory as you delete one, or maybe you want to see if 
a watch already exists before you add another. You also might dump a list in 
troubleshooting to see why an audit event isn't being detected. In all cases 
you at least want the information that was sent into the kernel.

Can you explicitly state the namespace or device when you load a watch? Or 
does the device and namespace get implicitly bound to the path by virtue of 
who loaded the watch and at what time? Or does the watch work for all name 
spaces and devices? (This topic needs to be documented for the man page.)

If there's an implicit binding, I can see why you might want that info during 
troubleshooting. But its not the same as getting a list for the purpose of 
deleting one.

-Steve


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]