[PATCH] audit: file system auditing based on location and name
Steve Grubb
sgrubb at redhat.com
Thu Jul 7 18:49:09 UTC 2005
On Thursday 07 July 2005 14:15, Greg KH wrote:
> I fail to see any refactoring here, why not make your patch rely on
> theirs?
At the time this code was developed, inotify was not in the kernel. We would
be patching against another patch that's not in the kernel.
> > The whole rest of it is different. I hope the inotify people comment
> > on this to see if there is indeed something that should be refactored.
>
> I realize your userspace access is different, yet I do not believe yet
> that it should be this way.
The problems that we are faced with are dictated by CAPP and other security
profiles. The audit user space access has been in the kernel for over a year,
so that's not really a good thing to go changing.
> No documentation on the auditfs interface :(
That's what Tim's email was providing. Its a new component.
> > The audit package is currently distributed in Fedora Core 4. The code to
> > use Tim's fs audit code is in the user space app, but is waiting for the
> > kernel pieces.
>
> So the userspace package in FC4 will not use auditfs?
Right. You get a few warnings due to missing functionality. If the kernel were
patched with Tim's code, it all works as expected. We have worked out the
user space access and that shouldn't be changing.
-Steve
More information about the Linux-audit
mailing list