[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [RFC][PATCH 0/3][REVISED] CAPP-compliant file system auditing



.:: Introduction ::.

The audit subsystem is currently incapable of auditing a file system object 
based on its location and name.  This is critical for auditing well-defined 
and security-relevant files such as /etc/shadow, where auditing on inode and 
device is fallible.  This patch adds the necessary functionality to the audit 
subsystem and VFS to support file system auditing in which an object is 
audited based on its location and name.

The patch is split in two.

The first patch is the implementation of file system auditing.  The bulk of it 
resides in kernel/auditfs.c.  It is accompanied by a functional overview of 
the design in the next message.

The second patch consists of file system hooks.  I anticipate some discussion 
with regards to them and wanted to provide some context around their 
placements and purpose.

----

There... is that succinct enough?


-tim


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]