[RFC][PATCH] (#4) auditfs
Stephen Smalley
sds at tycho.nsa.gov
Thu Feb 24 18:31:52 UTC 2005
On Thu, 2005-02-24 at 12:13 -0600, Timothy R. Chavez wrote:
> I'd like to start getting feedback on linux-fsdevel with a CC directly
> to Al Viro about the design itself. What do you all think of this
> approach? Or perhaps I should bring it directly to LKML? Should I
> wait until the intermediary patch #5 is completed and tested before I
> start any dialog? I personally think overlapping the two would be
> fine. The reason I think this is because the first major stumbling
> block has nothing to do with the implementation itself, but the design
> and all the philosophy and politics surrounding it. As soon as I
> mention "filesystem auditing" I've noticed that people get antsy and
> immediately try to beat it down like a pianta made out of software
> patents J/K. Thus I feel a large part of this endeveour is going to
> revolve around explanation. Do you agree? I'd appreciate some
> feedback.
I think taking it to linux-fsdevel soon is a good idea, but not before
you have code that you can show to demonstrate concretely what you are
trying to achieve, i.e. I'd wait until you have a fixed up version of
your patch. And you'll need a clear description of what your real goals
are, e.g. what events do we truly need to be able to enable object
identity-based auditing for? Seems to be some confusion on this point,
e.g. the discussion on read/write vs. open, unlink hook, etc.
--
Stephen Smalley <sds at tycho.nsa.gov>
National Security Agency
More information about the Linux-audit
mailing list