[RFC][PATCH 0/3][REVISED] CAPP-compliant file system auditing

Stephen Smalley sds at tycho.nsa.gov
Fri Apr 1 13:55:26 UTC 2005


On Thu, 2005-03-31 at 16:46 -0600, Timothy R. Chavez wrote:
> .:: Introduction ::.

I'd drop the titles.  Just eats up space to no advantage.

> The audit subsystem is currently incapable of auditing a file system object 
> based on its location and name.  This is critical for auditing well-defined 
> and security-relevant files such as /etc/shadow, where auditing on inode and 
> device is fallible.  This patch adds the necessary functionality to the audit 
> subsystem and VFS to support file system auditing in which an object is 
> audited based on its location and name.

This is much better.  Now, I think it is still ok (and likely good) to
mention that this work is being done in order to meet CAPP requirements.
Just add a sentence at the end of this paragraph that notes this fact.

> The second patch consists of file system hooks.  I anticipate some discussion 
> with regards to them and wanted to provide some context around their 
> placements and purpose.

The last sentence sounds a little odd; it isn't clear that you are
providing that context in the third message/2nd patch.

BTW, I think I saw some discussion on lkml earlier that suggested that
the whole [0/n] style of submissions was viewed as a nuisance for real
submission, although it may be appropriate for RFC, because it
ultimately means that Andrew has to manually insert the introductory
text into the patches so that it isn't lost when they are merged.

-- 
Stephen Smalley <sds at tycho.nsa.gov>
National Security Agency



