patch update to ~51
David Woodhouse
dwmw2 at infradead.org
Thu Jun 2 13:39:07 UTC 2005
On Thu, 2005-06-02 at 09:28 -0400, Steve Grubb wrote:
> I don't think this matters. If you set a rule, shouldn't it exist until
> deleted? Imagine the fun if iptables deleted rules when you take an interface
> down and up. Also, how do you apply rules to files before mounting a
> partition so there are no races?
>
> I would imagine that the file system auditing would hook mount, mkdir, open, &
> rename to see if a watch on the global list can be enabled. umount, rmdir,
> unlink, rename would keep the rule on the global list, but possibly disable
> it from triggering. This would follow the principle of least surprise.
>
What you suggest would require a complete redesign, and I don't see a
way of doing it that would have any chance of being acceptable
upstream.
--
dwmw2