[RFC][PATCH] (#4) auditfs
Stephen Smalley
sds at tycho.nsa.gov
Thu Feb 24 15:06:00 UTC 2005
On Wed, 2005-02-23 at 17:26 -0600, Timothy R. Chavez wrote:
> Ok, great. I've removed the hooks. I can also get away with taking
> the hooks out of unlink right because I should be hitting permission()
> in access(), before I do the unlink()?
Not sure what you mean by access() - do you mean permission()?
In any event, you still need a hook in vfs_unlink() if you want to catch
the actual victim inode, as that isn't passed to any permission() call.
--
Stephen Smalley <sds at tycho.nsa.gov>
National Security Agency
More information about the Linux-audit
mailing list