[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [RFC][PATCH 0/2] (#6 U2) filesystem auditing



On Wed, 2005-03-30 at 11:23 -0600, Timothy R. Chavez wrote:
> On Tuesday 29 March 2005 10:16 am, Stephen Smalley wrote:
> > You likely need to explain why may_create is not adequate (i.e. no inode
> > yet).  Although this almost makes me wonder whether i_audit should be
> > d_audit, i.e. a field of the dentry, as your entire scheme is based on
> > (parent directory, component name) pairs anyway.
> 
> For reason's we discussed on the phone it's probably best to keep the 
> information stored at the inode level.

Possibly, but be prepared for the question on linux-fsdevel.  When the
SELinux kernel patch was first presented to the kernel developers at the
March 2001 Kernel Summit, they definitely questioned the association of
security data with the inode vs. the dentry.  In the case of MAC, we can
clearly justify that design choice, as we want to label and control
access to the real object, not the name by which it is accessed, but in
the case of a name-based auditing scheme like yours, the justification
seems weaker.

-- 
Stephen Smalley <sds tycho nsa gov>
National Security Agency


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]