[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [RFC][PATCH 1/3] CAPP-compliant file system auditing



On Thu, 2005-03-31 at 12:17 -0600, Timothy R. Chavez wrote:
> I suspect there will be questions framed around specific parts of this design 
> and I will address them as they come.  However, please keep in mind that we 
> are not auditing based on content, but "name".

Or possibly location.

> This is _not_ a general purpose file system auditing solution.

Ah, bad statement to make when seeking acceptance into a general purpose
operating system.  Better to say that this is intended to complement the
existing support for auditing based on (device,inode) pair to fill a
specific gap, namely preservation of audit on particular locations
across transactions?

> This patch was diffed against linux-2.6.11.5 and introduces the new 
> functionality to the kernel's audit subsystem.  

Diffs against 2.6.11.5 might be fine for an RFC, but for real
submission, you need to be more bleeding edge, e.g. 2.6.12-rc1-mm4 or
whatever the latest one is.  Especially as there are already audit-
related patches there.

-- 
Stephen Smalley <sds tycho nsa gov>
National Security Agency


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]