[RFC][PATCH 1/2] (#6 U2) filesystem auditing
Timothy R. Chavez
tinytim at us.ibm.com
Tue Mar 29 17:54:32 UTC 2005
On Tuesday 29 March 2005 10:31 am, Steve Grubb wrote:
> On Tuesday 29 March 2005 10:38, Timothy R. Chavez wrote:
> > I can change this. Easy enough. This will reduce the reply code for
> > insert/delete for 0.6.9 too and eliminate a macro.
>
> Thanks. I think it simplifies the code.
>
> And then there's this:
>
> + Shifted sanity checking / copying of watch data from userspace back into
> audit_watch_insert() and audit_watch_remove()
>
Yeah I suppose I should rethink this and centralize all the checking as best
as possible.
>
> But when you think about it, couldn't list have an invalid path as well?
Yeah, it can, but since it's already a kernel space string and I'm just
passing it path_lookup, it ought to fail accordingly.
> Does list need the same sanity checking? If not, audit_receive_msg could
> just call audit_list_watches directly. Also, audit_receive_watch does not
> need a default because audit_receive_msg only calls it if the type is
> something it handles.
I think this is actually the best approach.
-tim
More information about the Linux-audit
mailing list