[RFC][PATCH 1/3] CAPP-compliant file system auditing
Timothy R. Chavez
tinytim at us.ibm.com
Thu Mar 31 18:55:12 UTC 2005
On Thursday 31 March 2005 01:08 pm, Stephen Smalley wrote:
> On Thu, 2005-03-31 at 12:17 -0600, Timothy R. Chavez wrote:
> > I suspect there will be questions framed around specific parts of this
> > design and I will address them as they come. However, please keep in
> > mind that we are not auditing based on content, but "name".
>
> Or possibly location.
>
> > This is _not_ a general purpose file system auditing solution.
>
> Ah, bad statement to make when seeking acceptance into a general purpose
> operating system. Better to say that this is intended to complement the
> existing support for auditing based on (device,inode) pair to fill a
> specific gap, namely preservation of audit on particular locations
> across transactions?
Can you tell that I'm an inexperienced kernel developer yet :)? Haha.
-tim
More information about the Linux-audit
mailing list