[RFC][PATCH] (#2) Prelim in-kernel file system auditing support
Casey Schaufler
casey at schaufler-ca.com
Tue Jan 25 18:51:08 UTC 2005
--- "Timothy R. Chavez" <chavezt at gmail.com> wrote:

> To be honest, I haven't really considered the chroot environment. I
> guess the check really needs to be after the lookup and I should
> check:
>
> if(nd.dentry == nd.dentry->d_parent) {
>         return -EPERM;
>         ....
> }

I thought that might be what you really meant.

> The reason for this is simple. You can't watch yourself. Is this a
> problem?

No worries.

> > Where does one put the ACL, MAC label, and/or
> > capability set of the file? I may not be able
> > to go get it later, as it may change or worse,
> > the file might be gone by then.
>
> I've not given this any thought. This is on the table and needs to
> be further discussed. Klaus?

A field that is the head of a list of additional "information units"
(tokens in other systems) would be most general.

=====
Casey Schaufler
casey at schaufler-ca.com
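
Added illustration, not part of the original message or of the audit patch under discussion: a user-space C sketch of the "list of information units" idea in the reply above, where each token holds a private copy of an attribute (ACL, MAC label, capability set) taken when the event is recorded, so a later relabel or removal of the file cannot alter the record. All type and function names, and the sample values used to exercise it, are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical token kinds, one per attribute named in the thread. */
enum tok_type { TOK_ACL = 1, TOK_MAC_LABEL, TOK_CAPSET };

struct audit_token {
    struct audit_token *next;
    enum tok_type type;
    size_t len;
    unsigned char data[];          /* private copy taken at event time */
};

struct audit_record {
    int result;                    /* outcome of the audited operation */
    struct audit_token *tokens;    /* head of the "information unit" list */
};

/* Snapshot an attribute into the record. The bytes are copied, never
 * referenced, so the record stays valid after the file changes or goes away. */
int audit_add_token(struct audit_record *rec, enum tok_type type,
                    const void *val, size_t len)
{
    struct audit_token *t = malloc(sizeof(*t) + len);
    if (!t)
        return -1;
    t->type = type;
    t->len = len;
    if (len)
        memcpy(t->data, val, len);
    t->next = rec->tokens;         /* push onto the head of the list */
    rec->tokens = t;
    return 0;
}

/* Return the most recently added token of the given type, or NULL. */
const struct audit_token *audit_find_token(const struct audit_record *rec,
                                           enum tok_type type)
{
    for (const struct audit_token *t = rec->tokens; t; t = t->next)
        if (t->type == type)
            return t;
    return NULL;
}

void audit_free_tokens(struct audit_record *rec)
{
    while (rec->tokens) {
        struct audit_token *t = rec->tokens;
        rec->tokens = t->next;
        free(t);
    }
}
```

Because unknown token types can be skipped by a reader that walks the list, new attribute kinds can be added without changing the fixed part of the record.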