[RFC][PATCH] (#2) Prelim in-kernel file system auditing support
Serge Hallyn
serue at us.ibm.com
Tue Jan 25 22:46:54 UTC 2005
On Tue, 2005-01-25 at 15:25 -0600, Timothy R. Chavez wrote:
> Any accesses on that inode,
> in that namespace (presumably the only access we care about), by an
> audited syscall will be noted and sent to userspace. Isn't that
> sufficient?
Not quite right: Any access to that inode from any namespace. Another
namespace might simply mean that you have a different path to the inode.
--
Serge Hallyn <serue at us.ibm.com>
More information about the Linux-audit
mailing list