[RFC][PATCH 2/2] file system auditing (#6U3)
Stephen Smalley
sds at tycho.nsa.gov
Thu Apr 7 13:14:51 UTC 2005
On Tue, 2005-04-05 at 23:30 +0100, David Woodhouse wrote:
> This bit should probably have been included in the first patch. And I
> wonder if we could in fact do without it altogether -- do we really need
> to grow the inode structure for this? Relatively few inodes will have
> i_audit populated -- could we keep the audit_data in a hash table, and
> just use a _flag_ in the inode to indicate that there are audit_data in
> the hash table for this inode?
Wouldn't this require preallocation of the audit data, similar to what
was done in earlier versions of the auditfs patch, since
audit_attach_watch cannot perform blocking allocation and cannot
propagate errors upon allocation failures? Seems like it might
complicate the code and the locking.
--
Stephen Smalley <sds at tycho.nsa.gov>
National Security Agency
More information about the Linux-audit
mailing list