[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [RFC][PATCH 2/2] (#6 U2) filesystem auditing

On Monday 28 March 2005 20:55, Timothy R. Chavez wrote:
>    -> Added support for watch listing in auditctl

I'm happy we have something. However, we never finished the discussion from 
yesterday. I don't think you should have to pass a path to list the watches. 
Let's just walk the watch list and dump the strings. Maybe what you are 
thinking of is a watch status command? Pass a path and it tells you what 
device and namespace its bound to. But I'm just guessing since we need to 
finish the questions I posed yesterday:

1) Can you explicitly state the namespace or device when you load a watch? 

2) Does the device and namespace get implicitly bound to the path by virtue
of who loaded the watch and the mount table that in effect at the time the 
rule was loaded?

3) Does the watch work for all name spaces and devices? 

These topics need to be documented for the man page.

> + Changed types in libaudit to be identical to the types of audit_watch in
> audit.h

I'll readjust the types to userspace types. __u32 is kernel. uint32_t is 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]