[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [RFC] [PATCH]



On Fri, 2006-02-17 at 10:04 -0600, Dustin Kirkland wrote:
> On Fri, 2006-02-17 at 08:43 -0600, Darrel Goeddel wrote:
> > It would seem to me that we need the current functionality of keeping all rules
> > that are set up and revalidating them upon policy loads.  If we don't do it here,
> > it would need to be done at the audit layer - it might not be as pretty there.
> 
> 
> I don't know...  My first thoughts are that it seems like the audit
> layer should be ignorant of policy loads/reloads--that's not really it's
> business.

Disagree - it is caching policy information, and thus should register a
callback for notification of reloads so that it can re-process its audit
rules at that time, similar to the netif table.  That would presumably
address the locking concern as well.

-- 
Stephen Smalley
National Security Agency


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]