[RFC] [PATCH]

Stephen Smalley sds at tycho.nsa.gov
Fri Feb 17 18:26:29 UTC 2006


On Fri, 2006-02-17 at 10:04 -0600, Dustin Kirkland wrote:
> On Fri, 2006-02-17 at 08:43 -0600, Darrel Goeddel wrote:
> > It would seem to me that we need the current functionality of keeping all rules
> > that are set up and revalidating them upon policy loads.  If we don't do it here,
> > it would need to be done at the audit layer - it might not be as pretty there.
> 
> 
> I don't know...  My first thoughts are that it seems like the audit
> layer should be ignorant of policy loads/reloads--that's not really its
> business.

Disagree - it is caching policy information, and thus should register a
callback for notification of reloads so that it can re-process its audit
rules at that time, similar to the netif table.  That would presumably
address the locking concern as well.

-- 
Stephen Smalley
National Security Agency



